Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-29228
Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
NA
CVE-2024-29229
Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
NA
CVE-2024-29230
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands ...
NA
CVE-2024-29231
Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
NA
CVE-2024-29232
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecifie...
NA
CVE-2024-29233
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecifi...
NA
CVE-2024-29234
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecifie...
NA
CVE-2024-29235
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unsp...
NA
CVE-2024-29236
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via u...
NA
CVE-2024-29237
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via uns...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »