CVEDB API

Vulnerabilities

Vulnerable Software

Synology: >> Diskstation Manager Security Vulnerabilities

CVE-2024-29233

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.

CVSS Score

5.4

EPSS Score

0.003

Published

2024-03-28

CVE-2024-29234

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.

CVSS Score

5.4

EPSS Score

0.003

Published

2024-03-28

CVE-2024-29232

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.

CVSS Score

5.4

EPSS Score

0.003

Published

2024-03-28

CVE-2024-29231

Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.

CVSS Score

5.4

EPSS Score

0.002

Published

2024-03-28

CVE-2024-29230

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.

CVSS Score

5.4

EPSS Score

0.003

Published

2024-03-28

CVE-2024-29229

Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVSS Score

7.7

EPSS Score

0.002

Published

2024-03-28

CVE-2024-29228

Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVSS Score

7.7

EPSS Score

0.002

Published

2024-03-28

CVE-2024-29227

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.

CVSS Score

5.4

EPSS Score

0.003

Published

2024-03-28

CVE-2024-0854

URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.

CVSS Score

5.4

EPSS Score

0.002

Published

2024-01-24

CVE-2023-2729

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.

CVSS Score

5.9

EPSS Score

0.003

Published

2023-06-13

Prev Next

Page 2

Vulnerabilities

Vulnerable Software

Synology: >> Diskstation Manager Security Vulnerabilities

Products

Pricing

Contact Us