Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-29229
Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
NA
CVE-2024-29230
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands ...
NA
CVE-2024-29231
Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
NA
CVE-2024-29232
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecifie...
NA
CVE-2024-29233
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecifi...
NA
CVE-2024-29234
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecifie...
NA
CVE-2024-29235
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unsp...
NA
CVE-2024-29236
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via u...
NA
CVE-2024-29237
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via uns...
NA
CVE-2024-29238
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via u...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »