Vulnerabilities > Synology > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-26 CVE-2022-49038 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Synology Drive Client
Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors.
local
low complexity
synology CWE-829
7.8
7.8
2024-09-26 CVE-2023-52946 Classic Buffer Overflow vulnerability in Synology Drive Client
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors.
network
low complexity
synology CWE-120
8.2
8.2
2024-03-28 CVE-2024-29228 Unspecified vulnerability in Synology Surveillance Station
Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
low complexity
synology
7.7
7.7
2024-03-28 CVE-2024-29229 Unspecified vulnerability in Synology Surveillance Station
Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
low complexity
synology
7.7
7.7
2024-03-28 CVE-2024-29230 Unspecified vulnerability in Synology Surveillance Station
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
network
low complexity
synology
8.8
8.8
2024-03-28 CVE-2024-29231 Unspecified vulnerability in Synology Surveillance Station
Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
network
low complexity
synology
8.8
8.8
2024-03-28 CVE-2024-29232 Unspecified vulnerability in Synology Surveillance Station
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
network
low complexity
synology
8.8
8.8
2024-03-28 CVE-2024-29233 Unspecified vulnerability in Synology Surveillance Station
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
network
low complexity
synology
8.8
8.8
2024-03-28 CVE-2024-29234 Unspecified vulnerability in Synology Surveillance Station
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
network
low complexity
synology
8.8
8.8
2024-03-28 CVE-2024-29235 Unspecified vulnerability in Synology Surveillance Station
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
network
low complexity
synology
8.8
8.8