
CVE-2024-29233
https://notcve.org/view.php?id=CVE-2024-29233
28 Mar 2024 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-29232
https://notcve.org/view.php?id=CVE-2024-29232
28 Mar 2024 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-29231
https://notcve.org/view.php?id=CVE-2024-29231
28 Mar 2024 — Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 • CWE-129: Improper Validation of Array Index

CVE-2024-29230
https://notcve.org/view.php?id=CVE-2024-29230
28 Mar 2024 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-29229
https://notcve.org/view.php?id=CVE-2024-29229
28 Mar 2024 — Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 • CWE-862: Missing Authorization

CVE-2024-29228
https://notcve.org/view.php?id=CVE-2024-29228
28 Mar 2024 — Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 • CWE-862: Missing Authorization

CVE-2024-29227
https://notcve.org/view.php?id=CVE-2024-29227
28 Mar 2024 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2017-16767
https://notcve.org/view.php?id=CVE-2017-16767
27 Feb 2018 — Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter. • https://www.synology.com/en-global/support/security/Synology_SA_17_77 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-16770
https://notcve.org/view.php?id=CVE-2017-16770
27 Feb 2018 — File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other users' sensitive files via the filename parameter. • https://www.synology.com/en-global/support/security/Synology_SA_17_77 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory