Synology Security Advisories SA-24:18 and SA-24:19 on Revolved Vulnerabilities

Synology, Inc. had published 2 security advisories concerning revolved vulnerabilities in BeePhotos and Synology Photos.

Synology-SA-24:18 BeePhotos (PWN2OWN 2024)

Publish Time: 2024-10-25 13:51:53 UTC+8
Last Updated: 2024-10-25 13:53:34 UTC+8
Severity: Critical
Status: Resolved

Abstract
A vulnerability allows remote attackers to execute arbitrary code.
The vulnerability reported by PWN2OWN 2024 (ZDI-CAN-25623) has been addressed.

Affected Products

Product	Severity	Fixed release availability
BeePhotos for BeeStation OS 1.1	Critical	Upgrade to 1.1.0-10053 or above
BeePhotos for BeeStation OS 1.0	Critical	Upgrade to 1.0.2-10026 or above

Mitigation: None

Detail: Reserved

Revision

Revision	Date	Description
1	2024-10-25	Initial public release

Synology-SA-24:19 Synology Photos (PWN2OWN 2024)

Publish Time: 2024-10-25 13:55:04 UTC+8
Last Updated: 2024-10-25 13:55:04 UTC+8
Severity: Critical
Status: Resolved

Abstract
A vulnerability allows remote attackers to execute arbitrary code.
The vulnerability reported by PWN2OWN 2024 (ZDI-CAN-25623) has been addressed.

Affected Products