Synology Surveillance Station 8.2.2-5766

CPE Details

Synology Surveillance Station 8.2.2-5766
synology
surveillance_station
8.2.2-5766
2019-06-10
13h23 +00:00
2019-06-10
13h23 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:synology:surveillance_station:8.2.2-5766:*:*:*:*:*:*:*

Informations

Vendor

synology

Product

surveillance_station

Version

8.2.2-5766

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-29241 2024-03-28 06h28 +00:00 Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and write sensitive configurations in DSM via unspecified vectors.
9.9
Critical
CVE-2024-29240 2024-03-28 06h28 +00:00 Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors.
4.3
Medium
CVE-2024-29239 2024-03-28 06h28 +00:00 Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
5.4
Medium
CVE-2024-29238 2024-03-28 06h28 +00:00 Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
5.4
Medium
CVE-2024-29237 2024-03-28 06h27 +00:00 Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
5.4
Medium
CVE-2024-29236 2024-03-28 06h27 +00:00 Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
5.4
Medium
CVE-2024-29235 2024-03-28 06h26 +00:00 Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
5.4
Medium
CVE-2024-29234 2024-03-28 06h26 +00:00 Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
5.4
Medium
CVE-2024-29233 2024-03-28 06h25 +00:00 Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
5.4
Medium
CVE-2024-29232 2024-03-28 06h24 +00:00 Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
5.4
Medium
CVE-2024-29231 2024-03-28 06h23 +00:00 Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
5.4
Medium
CVE-2024-29230 2024-03-28 06h22 +00:00 Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
5.4
Medium
CVE-2024-29229 2024-03-28 06h19 +00:00 Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
7.7
High
CVE-2024-29228 2024-03-28 06h13 +00:00 Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
7.7
High
CVE-2024-29227 2024-03-28 06h08 +00:00 Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
5.4
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.