Lucene search
K

164 matches found

Vulnrichment
Vulnrichment
added 2024/03/19 6:35 a.m.12 views

CVE-2024-0054

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs locallist.cgi, createoverlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please...

6.5CVSS6.5AI score0.00572EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/19 6:35 a.m.27 views

CVE-2024-0054

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs locallist.cgi, createoverlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please...

6.5CVSS6.7AI score0.00572EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.4 views

PT-2024-15328 · Axis Communications · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version Description: The VAPIX APIs, specifically the "mediaclip.cgi" and "playclip.cgi" endpoints, were found to be vulnerable to file globbing, which could lead to a resource exhaustion attack. This iss...

6.5CVSS6.9AI score0.00596EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2024/02/28 12:0 a.m.22 views

AXIS OS RCE Vulnerability (Feb 2024)

AXIS OS is prone to a remote code execution RCE vulnerability on severaldevices. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8CVSS7.9AI score0.0056EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/02/28 12:0 a.m.16 views

AXIS OS RCE Vulnerability (Feb 2024)

AXIS OS is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:axis:axisos"; if...

8.8CVSS8AI score0.00684EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/02/12 12:0 a.m.30 views

Axis Communications Multiple Products Remote Code Execution (CVE-2023-5677)

Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impac...

8.8CVSS7.7AI score0.0056EPSS
Exploits0References2
OSV
OSV
added 2024/02/05 6:15 a.m.5 views

CVE-2023-5800

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API createoverlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service...

8.8CVSS5.8AI score0.00684EPSS
Exploits0References1
NVD
NVD
added 2024/02/05 6:15 a.m.32 views

CVE-2023-5677

Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged...

8.8CVSS7AI score0.0056EPSS
Exploits0References2
Prion
Prion
added 2024/02/05 6:15 a.m.28 views

Input validation

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API createoverlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service...

6.5CVSS7.1AI score0.00684EPSS
Exploits0References1Affected Software3
Prion
Prion
added 2024/02/05 6:15 a.m.23 views

Input validation

Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impac...

6.5CVSS7.1AI score0.0056EPSS
Exploits0References1Affected Software11
CVE
CVE
added 2024/02/05 5:20 a.m.74 views

CVE-2023-5800

CVE-2023-5800 concerns Axis OS: the VAPIX API create_overlay.cgi lacks sufficient input validation, enabling remote code execution. Exploitation requires an operator/admin-privileged service account and network access, with impact on confidentiality, integrity, and availability listed as high. Ax...

8.8CVSS7.1AI score0.00684EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/05 5:20 a.m.2 views

CVE-2023-5800 Insufficient input validation in VAPIX API create_overlay.cgi

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API createoverlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service...

5.4CVSS7.1AI score0.00684EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/05 5:20 a.m.27 views

CVE-2023-5800 Insufficient input validation in VAPIX API create_overlay.cgi

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API createoverlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service...

5.4CVSS8.9AI score0.00684EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/05 5:20 a.m.3 views

CVE-2023-5677

Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged...

6.3CVSS7AI score0.0056EPSS
Exploits0References1
CVE
CVE
added 2024/02/05 5:20 a.m.83 views

CVE-2023-5677

CVE-2023-5677 concerns an input validation weakness in Axis’s VAPIX API tcptest.cgi that allows remote code execution after authentication with an operator- or administrator-privileged service account. Affected: Axis AXIS OS and related products (e.g., Axis OS/Webcam contexts referenced in connec...

8.8CVSS7.4AI score0.0056EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/02/05 5:20 a.m.33 views

CVE-2023-5677

Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged...

6.3CVSS8.9AI score0.0056EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.5 views

AXIS OS Code Injection Vulnerability

AXIS Os is an edge device operating system from the Swedish company Axis. A security vulnerability exists in AXIS OS versions 6.50 through 11.7 that stems from the VAPIX API createoverlay.cgi not having sufficient input validation, allowing for possible remote code execution...

8.8CVSS8AI score0.00684EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.5 views

AXIS M3024 Code Injection Vulnerability

AXIS M3024 is a webcam from Axis Sweden. The AXIS M3024 suffers from a code injection vulnerability that stems from the VAPIX API tcptest.cgi not having sufficient input validation, allowing remote code execution...

8.8CVSS8.4AI score0.0056EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/04 12:0 a.m.7 views

PT-2024-14825 · Axis Communications · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS versions affected versions not specified Description: The VAPIX API tcptest.cgi did not have sufficient input validation, allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an...

8.8CVSS8.7AI score0.0056EPSS
Exploits0References7
NVD
NVD
added 2023/11/21 7:15 a.m.13 views

CVE-2023-21417

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service...

7.1CVSS0.00668EPSS
Exploits0References1
Rows per page
Query Builder