Synology

Surveillance Station

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-29233

  • EPSS 0.25%
  • Veröffentlicht 28.03.2024 07:16:06
  • Zuletzt bearbeitet 04.08.2025 19:08:42

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database c...

5.4

CVE-2024-29232

  • EPSS 0.25%
  • Veröffentlicht 28.03.2024 07:16:05
  • Zuletzt bearbeitet 04.08.2025 19:08:46

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database co...

5.4

CVE-2024-29231

  • EPSS 0.37%
  • Veröffentlicht 28.03.2024 07:16:04
  • Zuletzt bearbeitet 04.08.2025 19:09:15

Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and conduct limited denia...

5.4

CVE-2024-29230

  • EPSS 0.25%
  • Veröffentlicht 28.03.2024 07:16:03
  • Zuletzt bearbeitet 04.08.2025 19:09:18

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to re...

7.7

CVE-2024-29229

  • EPSS 0.19%
  • Veröffentlicht 28.03.2024 07:16:02
  • Zuletzt bearbeitet 14.01.2025 20:12:23

Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.

7.7

CVE-2024-29228

  • EPSS 0.19%
  • Veröffentlicht 28.03.2024 07:16:00
  • Zuletzt bearbeitet 14.01.2025 20:11:42

Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.

5.4

CVE-2024-29227

  • EPSS 0.25%
  • Veröffentlicht 28.03.2024 07:15:59
  • Zuletzt bearbeitet 04.08.2025 19:09:20

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read data...

5.4

CVE-2017-16767

  • EPSS 0.19%
  • Veröffentlicht 27.02.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:16:56

Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter.

6.5

CVE-2017-16770

  • EPSS 0.22%
  • Veröffentlicht 27.02.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:16:56

File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename para...