Vulnerabilities > Synology > Surveillance Station
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-28 | CVE-2024-29238 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29239 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29240 | Unspecified vulnerability in Synology Surveillance Station Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. | 6.5 |
| 2024-03-28 | CVE-2024-29241 | Unspecified vulnerability in Synology Surveillance Station Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. | 8.8 |
| 2024-03-28 | CVE-2024-29227 | Unspecified vulnerability in Synology Surveillance Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 8.8 |
| 2018-02-27 | CVE-2017-16770 | Information Exposure vulnerability in Synology Surveillance Station File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter. | 6.5 |
| 2018-02-27 | CVE-2017-16767 | Cross-site Scripting vulnerability in Synology Surveillance Station Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter. | 5.4 |