Lucene search
K

96 matches found

Positive Technologies
Positive Technologies
added 2025/06/02 12:0 a.m.6 views

PT-2025-23477 · Axis · Axis Device

Name of the Vulnerable Software and Affected Versions: Axis device affected versions not specified Description: A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web...

4.3CVSS6.2AI score0.00322EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/06/02 12:0 a.m.5 views

AXIS OS 安全漏洞

AXIS OS is an edge device operating system from Axis Sweden. A security vulnerability exists in AXIS OS versions 12.0 through 12.3, which stems from improper privilege management and could result in elevated privileges...

8.8CVSS6.8AI score0.00219EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:12 a.m.4 views

CVE-2024-0066

Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client Axis device and O3C server. If O3C is not being used this flaw does not apply. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer...

5.3CVSS6.6AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:19 a.m.5 views

CVE-2024-8160

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticati...

3.8CVSS4.7AI score0.00614EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:50 a.m.7 views

CVE-2023-21413

GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has release...

9.1CVSS8.2AI score0.01247EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/10 6:44 a.m.10 views

CVE-2024-47261

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device...

4.3CVSS6.9AI score0.00323EPSS
Exploits0
OSV
OSV
added 2025/04/08 6:15 a.m.4 views

CVE-2024-47261

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device...

4.3CVSS5.8AI score0.00323EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/08 5:33 a.m.26 views

CVE-2024-47261

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device...

4.3CVSS0.00323EPSS
Exploits0References1
CVE
CVE
added 2025/04/08 5:33 a.m.102 views

CVE-2024-47261

The CVE-2024-47261 entry describes a vulnerability in Axis OS devices where the VAPIX API endpoint uploadoverlayimage.cgi lacks sufficient input validation. This allows an attacker to upload files that can block access to create image overlays in the device’s web interface. Affected product scope...

4.3CVSS7.1AI score0.00323EPSS
Exploits0References1Affected Software3
Vulnrichment
Vulnrichment
added 2025/04/08 5:33 a.m.9 views

CVE-2024-47261

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device...

4.3CVSS7.1AI score0.00323EPSS
Exploits0References1
NVD
NVD
added 2025/03/04 6:15 a.m.12 views

CVE-2024-47262

Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not...

5.3CVSS0.00334EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/04 5:19 a.m.14 views

CVE-2024-47262

Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not...

5.3CVSS0.00334EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/04 5:17 a.m.4 views

CVE-2024-47260

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for the...

6.5CVSS6.5AI score0.00365EPSS
Exploits0References1
NVD
NVD
added 2024/11/26 8:15 a.m.20 views

CVE-2024-8160

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticati...

3.8CVSS0.00614EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/26 7:24 a.m.29 views

CVE-2024-8772

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

4.3CVSS0.00418EPSS
Exploits0References1
NVD
NVD
added 2024/09/10 5:15 a.m.23 views

CVE-2024-6509

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security...

6.5CVSS0.00391EPSS
Exploits0References1
NVD
NVD
added 2024/09/10 5:15 a.m.17 views

CVE-2024-6173

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour configuration page in the web interface of the Axis device. Axis has released patched AXIS OS versions...

6.5CVSS0.00391EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/10 5:3 a.m.12 views

CVE-2024-6173

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour configuration page in the web interface of the Axis device. Axis has released patched AXIS OS versions...

6.5CVSS7.1AI score0.00391EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/10 4:58 a.m.14 views

CVE-2024-6509

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security...

6.5CVSS7AI score0.00391EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/10 4:54 a.m.26 views

CVE-2024-0067

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer...

4.3CVSS0.0038EPSS
Exploits0References1
Rows per page
Query Builder