Vulnerabilities > Synology > Surveillance Station
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-28 | CVE-2024-29228 | Unspecified vulnerability in Synology Surveillance Station Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 7.7 |
| 2024-03-28 | CVE-2024-29229 | Unspecified vulnerability in Synology Surveillance Station Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 7.7 |
| 2024-03-28 | CVE-2024-29230 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29231 | Unspecified vulnerability in Synology Surveillance Station Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29232 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29233 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29234 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29235 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29236 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29237 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |