CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Mar 2024 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Mar 2024 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Mar 2024 — Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 • CWE-129: Improper Validation of Array Index

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Mar 2024 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.7 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Mar 2024 — Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 • CWE-862: Missing Authorization

CVSS: 7.7 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Mar 2024 — Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 • CWE-862: Missing Authorization

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Mar 2024 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 10 • EXPL: 0

29 Dec 2021 — A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 (2021/10/26) and later; QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 (2021/10/26) and later; QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 (2021/10/26) and later; QTS 4.3.6 ... • https://www.qnap.com/en/security-advisory/qsa-21-46 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

14 Apr 2021 — A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS); Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS). • https://www.qnap.com/en/security-advisory/qsa-21-07 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 9.8 • EPSS: 3% • CPEs: 3 • EXPL: 1

17 Feb 2021 — A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS); Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS). • https://github.com/Alonzozzz/alonzzzo • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write