
177 matches found

CVE
added 2024/11/26 7:27 a.m. | 102 views

CVE-2024-8160

Summary (CVE-2024-8160): The vulnerability affects AXIS OS versions prior to the patched release. The flaw resides in the VAPIX API’s ftptest.cgi due to insufficient input validation, enabling a possible command injection that could allow transferring files to/from the Axis device. Exp...

CVSS 3.8 | AI score 7.3 | EPSS 0.00614
Exploits: 0 | References: 1 | Affected Software: 3

CVE
added 2024/11/26 7:24 a.m. | 92 views

CVE-2024-8772

The CVE-2024-8772 issue affects AXIS OS (AXIS devices) via the VAPIX API endpoint managedoverlayimages.cgi. The vulnerability is a race condition that can be exploited to block access to the overlay configuration page in the web interface, and it requires authentication with an operator- or admin...

CVSS 4.3 | AI score 6.7 | EPSS 0.00418
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/26 7:24 a.m. | 10 views

CVE-2024-8772

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

CVSS 4.3 | AI score 6.9 | EPSS 0.00418
Exploits: 0 | References: 1

Cvelist
added 2024/11/26 7:24 a.m. | 28 views

CVE-2024-8772

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

CVSS 4.3 | EPSS 0.00418
Exploits: 0 | References: 1

Cvelist
added 2024/11/26 7:21 a.m. | 25 views

CVE-2024-47257

Florent Thiéry has found that selected Axis devices were vulnerable to handling certain ethernet frames which could lead to the Axis device becoming unavailable in the network. Axis has released patched AXIS OS versions for the highlighted flaw for products that are still under AXIS OS software...

CVSS 7.5 | EPSS 0.00494
Exploits: 0 | References: 1

CNNVD
added 2024/11/26 12:00 a.m. | 5 views

AXIS OS Security Vulnerability

AXIS OS is an edge device operating system from Axis Sweden. A security vulnerability exists in AXIS OS versions 10.9 through 12.0 that stems from insufficient input validation and could lead to command injection...

CVSS 3.8 | AI score 6.9 | EPSS 0.00614
Exploits: 0 | References: 1

CNNVD
added 2024/11/26 12:00 a.m. | 6 views

AXIS OS Security Vulnerability

AXIS OS is an edge device operating system from Axis Sweden. AXIS OS suffers from a security vulnerability that stems from the vulnerability of some Axis devices to attacks when processing certain Ethernet frames, which could result in Axis devices being unavailable in the network...

CVSS 7.5 | AI score 6.6 | EPSS 0.00494
Exploits: 0 | References: 1

NVD
added 2024/09/10 6:15 a.m. | 12 views

CVE-2024-7784

During internal Axis Security Development Model ASDM threat-modelling, a flaw was found in the protection for device tampering commonly known as Secure Boot in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the...

CVSS 6.1 | EPSS 0.00238
Exploits: 0 | References: 1

NVD
added 2024/09/10 6:15 a.m. | 13 views

CVE-2024-6979

Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of...

CVSS 7.5 | EPSS 0.0029
Exploits: 1 | References: 1

OSV
added 2024/09/10 6:15 a.m. | 4 views

CVE-2024-6979

Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of...

CVSS 7.5 | AI score 5.8 | EPSS 0.0029
Exploits: 1 | References: 1

NVD
added 2024/09/10 5:15 a.m. | 23 views

CVE-2024-6509

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security...

CVSS 6.5 | EPSS 0.00391
Exploits: 0 | References: 1

NVD
added 2024/09/10 5:15 a.m. | 15 views

CVE-2024-6173

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour configuration page in the web interface of the Axis device. Axis has released patched AXIS OS versions...

CVSS 6.5 | EPSS 0.00391
Exploits: 0 | References: 1

NVD
added 2024/09/10 5:15 a.m. | 22 views

CVE-2024-0067

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer...

CVSS 4.3 | EPSS 0.0038
Exploits: 0 | References: 1

Cvelist
added 2024/09/10 5:07 a.m. | 16 views

CVE-2024-6979

Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of...

CVSS 6.8 | EPSS 0.0029
Exploits: 1 | References: 1

Vulnrichment
added 2024/09/10 5:07 a.m. | 11 views

CVE-2024-6979

Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of...

CVSS 6.8 | AI score 6.9 | EPSS 0.0029
Exploits: 1 | References: 1

CVE
added 2024/09/10 5:07 a.m. | 47 views

CVE-2024-6979

CVE-2024-6979 affects Axis OS, where a broken access control could allow less-privileged operator- and/or viewer-accounts to gain higher privileges. The issue is described as requiring complex steps and social engineering to trigger administrator configurations, with exploitation risk considered ...

CVSS 7.5 | AI score 6.9 | EPSS 0.0029
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2024/09/10 5:03 a.m. | 76 views

CVE-2024-6173

CVE-2024-6173 concerns Axis OS: a Guard Tour VAPIX API parameter allows arbitrary values, enabling an attacker to block access to the guard tour configuration page in the Axis web interface. Reported by AXIS OS Bug Bounty participant, the flaw’s impact is described as blocking access (availabilit...

CVSS 6.5 | AI score 6.5 | EPSS 0.00391
Exploits: 0 | References: 1

Cvelist
added 2024/09/10 5:03 a.m. | 28 views

CVE-2024-6173

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour configuration page in the web interface of the Axis device. Axis has released patched AXIS OS versions...

CVSS 6.5 | EPSS 0.00391
Exploits: 0 | References: 1

CVE
added 2024/09/10 4:58 a.m. | 76 views

CVE-2024-6509

AXIS OS CVE-2024-6509 affects the VAPIX API endpoint alwaysmulti.cgi. The issue is a file globbing vulnerability that could lead to resource exhaustion on Axis devices. Affected product: AXIS OS (versions 6.50–11.11 cited by CNNVD/PT security sources). Root cause: improper handling of file globbi...

CVSS 6.5 | AI score 6.5 | EPSS 0.00391
Exploits: 0 | References: 1

Cvelist
added 2024/09/10 4:58 a.m. | 23 views

CVE-2024-6509

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security...

CVSS 6.5 | EPSS 0.00391
Exploits: 0 | References: 1