Skip to main content

Video Station

17 CVEs product

Monthly

CVE-2024-14025 MEDIUM This Month

An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands.

SQLi Video Station
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-14024 MEDIUM This Month

An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to compromise the security of the system.

Information Disclosure Video Station
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-56804 HIGH PATCH This Week

An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later

SQLi Video Station
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-41288 HIGH This Week

An OS command injection vulnerability has been reported to affect Video Station. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Video Station
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41287 MEDIUM This Month

A SQL injection vulnerability has been reported to affect Video Station. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Video Station
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-34977 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Video Station
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-34976 HIGH This Week

A SQL injection vulnerability has been reported to affect Video Station. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Video Station
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-34975 HIGH This Week

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Video Station
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-28812 HIGH This Week

A command injection vulnerability has been reported to affect certain versions of Video Station. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Video Station
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-33181 CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SSRF Video Station
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2019-7184 MEDIUM This Month

This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Qnap Video Station
NVD
CVSS 3.1
4.8
EPSS
1.5%
CVE-2017-13071 CRITICAL Act Now

QNAP has already patched this vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Video Station
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-9556 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Video Station
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-9105 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Video Station
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-6912 CRITICAL POC THREAT Emergency

Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 29.7%.

Command Injection Synology Video Station
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
29.7%
Threat
4.4
CVE-2015-6911 HIGH POC This Week

SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Synology SQLi Video Station
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.6%
CVE-2015-6910 HIGH POC This Week

SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Synology SQLi Video Station
NVD
CVSS 2.0
7.5
EPSS
0.6%
EPSS 0% CVSS 6.7
MEDIUM This Month

An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands.

SQLi Video Station
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to compromise the security of the system.

Information Disclosure Video Station
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later

SQLi Video Station
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An OS command injection vulnerability has been reported to affect Video Station. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Video Station
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A SQL injection vulnerability has been reported to affect Video Station. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Video Station
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Video Station
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A SQL injection vulnerability has been reported to affect Video Station. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Video Station
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Video Station
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A command injection vulnerability has been reported to affect certain versions of Video Station. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Video Station
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SSRF Video Station
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Qnap Video Station
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

QNAP has already patched this vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Video Station
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Video Station
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Video Station
NVD
EPSS 30% 4.4 CVSS 10.0
CRITICAL POC THREAT Emergency

Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 29.7%.

Command Injection Synology Video Station
NVD Exploit-DB
EPSS 2% CVSS 7.5
HIGH POC This Week

SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Synology SQLi Video Station
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH POC This Week

SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Synology SQLi Video Station
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy