96 matches found
CVE-2024-0067
Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer...
CVE-2024-0067
Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer...
CVE-2024-0066
Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client Axis device and O3C server. If O3C is not being used this flaw does not apply. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer...
CVE-2024-0066
CVE-2024-0066 concerns AXIS OS where the O3C feature may expose sensitive traffic between an Axis client device and the O3C server. Concrete details found in connected sources indicate AXIS OS versions affected include 5.51 through 11.9 (CNNVD). The flaw only applies when O3C is in use; if O3C is...
CVE-2023-21416
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...
Design/Logic Flaw
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...
CVE-2023-21416
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...
CVE-2023-21416
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...
CVE-2023-21413
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has release...
CVE-2023-21413 Remote code execution vulnerability during the installation of ACAP applications on the Axis device
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has release...
CVE-2023-21413 Remote code execution vulnerability during the installation of ACAP applications on the Axis device
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has release...
CVE-2021-31989
A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices...
Design/Logic Flaw
A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices...
CVE-2021-31989
The CVE-2021-31989 entry affects AXIS Device Manager: a user with host permissions can, under certain conditions, extract a memory dump from the built-in Windows Task Manager, potentially exposing credentials of connected Axis devices. Documented across multiple sources (Axis tech note, Red Hat a...
AXIS Device Manger 安全漏洞
AXIS Device Manger is an on-premise tool from AXIS Sweden that provides a simple, cost-effective and secure way to perform device management. A security vulnerability exists in AXIS Device Manger. The vulnerability stems from the fact that a user with host privileges to log in to the AXIS Device...
PT-2021-19618 · Axis · Axis Device Manager
Name of the Vulnerable Software and Affected Versions: AXIS Device Manager affected versions not specified Description: A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manage...