Lucene search
K

170 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:19 a.m.5 views

CVE-2024-8160

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticati...

3.8CVSS4.7AI score0.00614EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:17 a.m.5 views

CVE-2024-8772

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

4.3CVSS6.7AI score0.00418EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:10 a.m.3 views

CVE-2023-21404

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data...

5.3CVSS6.9AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:49 a.m.9 views

CVE-2023-21415

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlaydel.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has...

8.1CVSS6.7AI score0.0059EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:49 a.m.9 views

CVE-2023-21418

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact...

7.1CVSS6.8AI score0.00668EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:49 a.m.8 views

CVE-2023-21417

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service...

7.1CVSS6.7AI score0.00668EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.2 views

AXIS OS 安全漏洞

AXIS OS is an edge device operating system from Axis Sweden. AXIS OS has a security vulnerability that stems from insufficient input validation, which could allow an attacker to upload a file to affect the functionality of the device's web interface...

4.3CVSS6.8AI score0.00323EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/06 5:57 a.m.9 views

CVE-2024-47259

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Ax...

3.5CVSS7.5AI score0.00542EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/06 5:51 a.m.4 views

CVE-2024-47260

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for the...

6.5CVSS7AI score0.00365EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/06 5:50 a.m.8 views

CVE-2024-47262

Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not...

5.3CVSS7AI score0.00334EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/06 5:45 a.m.12 views

CVE-2025-0359

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please...

8.5CVSS6.9AI score0.00132EPSS
Exploits0References1
NVD
NVD
added 2025/03/04 6:15 a.m.15 views

CVE-2025-0359

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please...

8.5CVSS0.00132EPSS
Exploits0References1
OSV
OSV
added 2025/03/04 6:15 a.m.5 views

CVE-2024-47259

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Ax...

7.1CVSS5.8AI score0.00542EPSS
Exploits0References1
NVD
NVD
added 2025/03/04 6:15 a.m.11 views

CVE-2024-47262

Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not...

5.3CVSS0.00334EPSS
Exploits0References1
NVD
NVD
added 2025/03/04 6:15 a.m.10 views

CVE-2024-47260

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for the...

6.5CVSS0.00365EPSS
Exploits0References1
NVD
NVD
added 2025/03/04 6:15 a.m.11 views

CVE-2024-47259

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Ax...

7.1CVSS0.00542EPSS
Exploits0References1
CVE
CVE
added 2025/03/04 5:21 a.m.62 views

CVE-2025-0359

CVE-2025-0359 concerns Axis OS/ACAP: a flaw in the ACAP Application framework allowed applications to access restricted D-Bus methods. The issue stems from insufficient access control in the framework, exposing sensitive IPC interfaces. Axis has released patched AXIS OS versions; refer to Axis se...

8.5CVSS8.4AI score0.00132EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2025/03/04 5:19 a.m.99 views

CVE-2024-47262

CVE-2024-47262 describes a race condition in Axis VAPIX API param.cgi that can block access to the web interface of Axis devices running AXIS OS. Affected component: VAPIX param.cgi; affected product family: Axis with AXIS OS (specific versions not enumerated in the provided documents). Root caus...

5.3CVSS6.8AI score0.00334EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/04 5:19 a.m.7 views

CVE-2024-47262

Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not...

5.3CVSS5.3AI score0.00334EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/04 5:17 a.m.7 views

CVE-2024-47260

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for the...

6.5CVSS0.00365EPSS
Exploits0References1
Rows per page
Query Builder