Vulnerabilities > Synology > Surveillance Station > 8.2.3.5828
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-28 | CVE-2024-29236 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29237 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29238 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29239 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29240 | Unspecified vulnerability in Synology Surveillance Station Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. | 6.5 |
| 2024-03-28 | CVE-2024-29241 | Unspecified vulnerability in Synology Surveillance Station Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29227 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |