223 matches found
CVE-2024-29237
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and...
CVE-2024-29235
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and...
CVE-2024-29233
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct...
CVE-2024-29234
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct...
CVE-2024-29232
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct...
CVE-2024-29231
Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors...
CVE-2024-29228
Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2024-29227
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and...
CVE-2024-29241
The CVE-2024-29241 issue affects Synology Surveillance Station’s System webapi component. A missing authorization vulnerability permits remote authenticated users to access non-sensitive information, and to write sensitive DSM configurations or trigger reboot/shutdown of the NAS via unspecified v...
CVE-2024-29241
Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information, write sensitive configurations in DSM, and reboot or shutdown NAS via unspecified vectors...
CVE-2024-29240
Synology Surveillance Station contains a missing authorization vulnerability in the LayoutSave webapi component that can be triggered by remote authenticated users to cause a limited denial-of-service. Affected versions are prior to 9.2.0-11289 and prior to 9.2.0-9289. Remediation: update to 9.2....
CVE-2024-29239
Summary (CVE-2024-29239): A SQL injection vulnerability exists in the Recording.CountByCategory webapi component of Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289. The issue stems from improper neutralization of special elements in SQL commands, enabling remote authenticated u...
CVE-2024-29237
CVE-2024-29237 describes an SQL injection vulnerability in the ActionRule.Delete webapi component of Synology Surveillance Station. The issue affects versions prior to 9.2.0-11289 and 9.2.0-9289. When exploited by a remote authenticated attacker, it could allow reading data from the database cont...
CVE-2024-29236
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and...
CVE-2024-29236
Synology Surveillance Station is affected by CVE-2024-29236 due to an SQL injection vulnerability in the AudioPattern.Delete webapi component. The flaw arises from improper neutralization of special elements used in SQL commands, enabling remote authenticated users to read the database and cause ...