Vulnerabilities > Synology > Surveillance Station > High

DATE CVE VULNERABILITY TITLE RISK
2024-03-28 CVE-2024-29238 Unspecified vulnerability in Synology Surveillance Station
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
network
low complexity
synology
8.8
8.8
2024-03-28 CVE-2024-29239 Unspecified vulnerability in Synology Surveillance Station
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.
network
low complexity
synology
8.8
8.8
2024-03-28 CVE-2024-29241 Unspecified vulnerability in Synology Surveillance Station
Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
network
low complexity
synology
8.8
8.8
2024-03-28 CVE-2024-29227 Unspecified vulnerability in Synology Surveillance Station
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.
network
low complexity
synology
8.8
8.8