60 matches found
CVE-2024-29239
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information...
CVE-2024-29238
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and...
CVE-2024-29235
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and...
CVE-2024-29232
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct...
CVE-2024-29241
The CVE-2024-29241 issue affects Synology Surveillance Station’s System webapi component. A missing authorization vulnerability permits remote authenticated users to access non-sensitive information, and to write sensitive DSM configurations or trigger reboot/shutdown of the NAS via unspecified v...
CVE-2024-29239
Summary (CVE-2024-29239): A SQL injection vulnerability exists in the Recording.CountByCategory webapi component of Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289. The issue stems from improper neutralization of special elements in SQL commands, enabling remote authenticated u...
CVE-2024-29236
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and...
CVE-2024-29236
Synology Surveillance Station is affected by CVE-2024-29236 due to an SQL injection vulnerability in the AudioPattern.Delete webapi component. The flaw arises from improper neutralization of special elements used in SQL commands, enabling remote authenticated users to read the database and cause ...
CVE-2024-29227
Synology Surveillance Station is affected by an SQL injection in the Layout.LayoutSave webapi component. The issue, present in versions prior to 9.2.0-9289 and prior to 9.2.0-11289, can be exploited by remote authenticated users to read database contents (non-sensitive data) and may enable a limi...
Synology Surveillance Station Security Vulnerability
Synology Surveillance Station is an application from Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. A security vulnerability previously existed in Synology Surveillance Station version 9.2.0-11289, which stemmed from an...
PT-2024-22826 · Synology · Synology Surveillance Station
Name of the Vulnerable Software and Affected Versions: Synology Surveillance Station versions prior to 9.2.0-9289 Synology Surveillance Station versions prior to 9.2.0-11289 Description: The issue is related to an SQL Injection vulnerability in the SnapShot.CountByCategory webapi component. This...
PT-2024-22828 · Synology · Synology Surveillance Station
Name of the Vulnerable Software and Affected Versions: Synology Surveillance Station versions prior to 9.2.0-11289 Synology Surveillance Station versions prior to 9.2.0-9289 Description: The issue is related to improper neutralization of special elements used in an SQL command, also known as 'SQL...
CVE-2022-27621
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors...
Path traversal
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors...
Path traversal
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors...
Path traversal
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors...
CVE-2022-27616
Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in webapi component in Synology DiskStation Manager DSM before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors...
PT-2022-18526 · Synology · Synology SSO Server
Name of the Vulnerable Software and Affected Versions: Synology SSO Server versions prior to 2.2.3-0331 Description: The issue is related to a Path Traversal vulnerability in the webapi component, allowing remote authenticated users to read arbitrary files via unspecified vectors. Recommendations...