Vulnerabilities > Synology
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-26 | CVE-2023-52950 | Missing Encryption of Sensitive Data vulnerability in Synology Active Backup for Business Agent Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors. | 5.3 |
| 2024-03-28 | CVE-2024-29228 | Unspecified vulnerability in Synology Surveillance Station Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 7.7 |
| 2024-03-28 | CVE-2024-29229 | Unspecified vulnerability in Synology Surveillance Station Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 7.7 |
| 2024-03-28 | CVE-2024-29230 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29231 | Unspecified vulnerability in Synology Surveillance Station Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29232 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29233 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29234 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29235 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29236 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |