Lucene search
K

96 matches found

Cvelist
Cvelist
added 2024/09/10 4:54 a.m.26 views

CVE-2024-0067

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer...

4.3CVSS0.0038EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/10 4:54 a.m.12 views

CVE-2024-0067

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer...

4.3CVSS6.9AI score0.0038EPSS
Exploits0References1
NVD
NVD
added 2024/06/18 6:15 a.m.35 views

CVE-2024-0066

Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client Axis device and O3C server. If O3C is not being used this flaw does not apply. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer...

5.3CVSS0.00205EPSS
Exploits0References1
CVE
CVE
added 2024/06/18 6:10 a.m.61 views

CVE-2024-0066

CVE-2024-0066 concerns AXIS OS where the O3C feature may expose sensitive traffic between an Axis client device and the O3C server. Concrete details found in connected sources indicate AXIS OS versions affected include 5.51 through 11.9 (CNNVD). The flaw only applies when O3C is in use; if O3C is...

5.3CVSS5.3AI score0.00205EPSS
Exploits0References1
OSV
OSV
added 2023/11/21 7:15 a.m.5 views

CVE-2023-21416

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

6.5CVSS5.8AI score0.00668EPSS
Exploits0References1
Prion
Prion
added 2023/11/21 7:15 a.m.25 views

Design/Logic Flaw

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

4CVSS7AI score0.00668EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2023/11/21 6:49 a.m.12 views

CVE-2023-21416

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

7.1CVSS6.6AI score0.00668EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/21 6:49 a.m.27 views

CVE-2023-21416

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

7.1CVSS7.1AI score0.00668EPSS
Exploits0References1
NVD
NVD
added 2023/10/16 7:15 a.m.16 views

CVE-2023-21413

GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has release...

9.1CVSS9.8AI score0.01247EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/16 6:8 a.m.17 views

CVE-2023-21413 Remote code execution vulnerability during the installation of ACAP applications on the Axis device

GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has release...

9.1CVSS8.9AI score0.01247EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/16 6:8 a.m.18 views

CVE-2023-21413 Remote code execution vulnerability during the installation of ACAP applications on the Axis device

GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has release...

9.1CVSS10AI score0.01247EPSS
Exploits0References1
OSV
OSV
added 2021/08/25 7:15 p.m.4 views

CVE-2021-31989

A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices...

5.3CVSS5.8AI score0.00397EPSS
Exploits0References1
Prion
Prion
added 2021/08/25 7:15 p.m.19 views

Design/Logic Flaw

A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices...

3.5CVSS5.2AI score0.00397EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/08/25 6:29 p.m.51 views

CVE-2021-31989

The CVE-2021-31989 entry affects AXIS Device Manager: a user with host permissions can, under certain conditions, extract a memory dump from the built-in Windows Task Manager, potentially exposing credentials of connected Axis devices. Documented across multiple sources (Axis tech note, Red Hat a...

5.3CVSS5.2AI score0.00397EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/08/25 12:0 a.m.6 views

AXIS Device Manger 安全漏洞

AXIS Device Manger is an on-premise tool from AXIS Sweden that provides a simple, cost-effective and secure way to perform device management. A security vulnerability exists in AXIS Device Manger. The vulnerability stems from the fact that a user with host privileges to log in to the AXIS Device...

5.3CVSS5.8AI score0.00397EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/08/25 12:0 a.m.5 views

PT-2021-19618 · Axis · Axis Device Manager

Name of the Vulnerable Software and Affected Versions: AXIS Device Manager affected versions not specified Description: A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manage...

5.3CVSS6.8AI score0.00397EPSS
Exploits0References4
Rows per page
Query Builder