Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-29228
Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
NA
CVE-2024-29229
Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
NA
CVE-2024-29230
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands ...
NA
CVE-2024-29231
Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.
NA
CVE-2024-29232
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecifie...
NA
CVE-2024-29233
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecifi...
NA
CVE-2024-29234
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecifie...
NA
CVE-2024-29235
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unsp...
NA
CVE-2024-29236
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station prior to 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via u...
NA
CVE-2024-29237
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station prior to 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via uns...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »