CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

89 matches found

Tenable Nessus•added 2024/02/12 12:0 a.m.•28 views

Axis Communications Multiple Products Remote Code Execution (CVE-2023-5677)

Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impac...

8.8CVSS7.7AI score0.0056EPSS

Exploits0References2

NVD•added 2024/02/05 6:15 a.m.•19 views

CVE-2023-5677

Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged...

8.8CVSS7AI score0.0056EPSS

Exploits0References2

Prion•added 2024/02/05 6:15 a.m.•21 views

Input validation

6.5CVSS7.1AI score0.0056EPSS

Exploits0References1Affected Software11

Prion•added 2024/02/05 6:15 a.m.•26 views

Input validation

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API createoverlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service...

6.5CVSS7.1AI score0.00684EPSS

Exploits0References1Affected Software3

Vulnrichment•added 2024/02/05 5:20 a.m.•1 views

CVE-2023-5800 Insufficient input validation in VAPIX API create_overlay.cgi

5.4CVSS7.1AI score0.00684EPSS

Exploits0References1

Cvelist•added 2024/02/05 5:20 a.m.•18 views

CVE-2023-5800 Insufficient input validation in VAPIX API create_overlay.cgi

5.4CVSS8.9AI score0.00684EPSS

Exploits0References1

Vulnrichment•added 2024/02/05 5:20 a.m.•2 views

CVE-2023-5677

6.3CVSS7AI score0.0056EPSS

Exploits0References1

CVE•added 2024/02/05 5:20 a.m.•74 views

CVE-2023-5677

CVE-2023-5677 concerns an input validation weakness in Axis’s VAPIX API tcptest.cgi that allows remote code execution after authentication with an operator- or administrator-privileged service account. Affected: Axis AXIS OS and related products (e.g., Axis OS/Webcam contexts referenced in connec...

8.8CVSS7.4AI score0.0056EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/02/05 5:20 a.m.•21 views

CVE-2023-5677

6.3CVSS8.9AI score0.0056EPSS

Exploits0References1

CNNVD•added 2024/02/05 12:0 a.m.•2 views

AXIS OS Code Injection Vulnerability

AXIS Os is an edge device operating system from the Swedish company Axis. A security vulnerability exists in AXIS OS versions 6.50 through 11.7 that stems from the VAPIX API createoverlay.cgi not having sufficient input validation, allowing for possible remote code execution...

8.8CVSS8AI score0.00684EPSS

Exploits0References2

Positive Technologies•added 2024/02/04 12:0 a.m.•4 views

PT-2024-14825 · Axis Communications · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS versions affected versions not specified Description: The VAPIX API tcptest.cgi did not have sufficient input validation, allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an...

8.8CVSS8.7AI score0.0056EPSS

Exploits0References7

NVD•added 2023/11/21 7:15 a.m.•10 views

CVE-2023-21417

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service...

7.1CVSS0.00668EPSS

Exploits0References1

NVD•added 2023/11/21 7:15 a.m.•14 views

CVE-2023-21416

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

7.1CVSS0.00668EPSS

Exploits0References1

Prion•added 2023/11/21 7:15 a.m.•13 views

Path traversal

5.5CVSS6.9AI score0.00668EPSS

Exploits0References1Affected Software3

Prion•added 2023/11/21 7:15 a.m.•18 views

Path traversal

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact...

5.5CVSS7AI score0.00668EPSS

Exploits0References1Affected Software4

Prion•added 2023/11/21 7:15 a.m.•21 views

Design/Logic Flaw

4CVSS7AI score0.00668EPSS

Exploits0References1Affected Software2

CVE•added 2023/11/21 6:56 a.m.•47 views

CVE-2023-21418

AXIS OS vulnerability CVE-2023-21418 affects the VAPIX API irissetup.cgi, where path traversal could delete files. Exploitation requires authentication with an operator- or administrator-privileged service account, with impact higher on administrator privileges and lower on operator accounts (non...

7.1CVSS6.9AI score0.00668EPSS

Exploits0References1Affected Software4

Vulnrichment•added 2023/11/21 6:56 a.m.•12 views

CVE-2023-21418

7.1CVSS6.9AI score0.00668EPSS

Exploits0References1

CVE•added 2023/11/21 6:53 a.m.•44 views

CVE-2023-21417

CVE-2023-21417 affects AXIS OS via the VAPIX API endpoint manageoverlayimage.cgi, where path traversal can lead to file/folder deletion. Exploitation requires an operator- or administrator-privileged service account, with impact higher on administrator privileges and non-system files; operator ac...

7.1CVSS6.8AI score0.00668EPSS

Exploits0References1Affected Software3

Cvelist•added 2023/11/21 6:53 a.m.•21 views

CVE-2023-21417

7.1CVSS7AI score0.00668EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by