Lucene search
K

164 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:49 a.m.10 views

CVE-2023-21416

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

7.1CVSS6.8AI score0.00668EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:49 a.m.9 views

CVE-2023-21415

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlaydel.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has...

8.1CVSS6.7AI score0.0059EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:49 a.m.8 views

CVE-2023-21417

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service...

7.1CVSS6.7AI score0.00668EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/10 6:46 a.m.10 views

CVE-2025-0361

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...

4.3CVSS7AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/10 6:44 a.m.10 views

CVE-2024-47261

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device...

4.3CVSS6.9AI score0.00323EPSS
Exploits0
NVD
NVD
added 2025/04/08 6:15 a.m.9 views

CVE-2025-0361

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...

5.3CVSS0.00283EPSS
Exploits0References1
OSV
OSV
added 2025/04/08 6:15 a.m.5 views

CVE-2025-0361

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...

5.3CVSS5.8AI score0.00283EPSS
Exploits0References1
NVD
NVD
added 2025/04/08 6:15 a.m.10 views

CVE-2024-47261

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device...

4.3CVSS0.00323EPSS
Exploits0References1
OSV
OSV
added 2025/04/08 6:15 a.m.4 views

CVE-2024-47261

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device...

4.3CVSS5.8AI score0.00323EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/08 5:38 a.m.9 views

CVE-2025-0361

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...

4.3CVSS7.2AI score0.00283EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/08 5:38 a.m.30 views

CVE-2025-0361

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...

4.3CVSS0.00283EPSS
Exploits0References1
CVE
CVE
added 2025/04/08 5:38 a.m.90 views

CVE-2025-0361

CVE-2025-0361 describes a vulnerability in Axis Communications’ VAPIX Device Configuration framework where unauthenticated username enumeration is possible via the VAPIX Device Configuration SSH Management API. Affected component is the VAPIX Device Configuration framework (Axis OS context cited ...

5.3CVSS7.2AI score0.00283EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2025/04/08 5:33 a.m.26 views

CVE-2024-47261

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device...

4.3CVSS0.00323EPSS
Exploits0References1
CVE
CVE
added 2025/04/08 5:33 a.m.102 views

CVE-2024-47261

The CVE-2024-47261 entry describes a vulnerability in Axis OS devices where the VAPIX API endpoint uploadoverlayimage.cgi lacks sufficient input validation. This allows an attacker to upload files that can block access to create image overlays in the device’s web interface. Affected product scope...

4.3CVSS7.1AI score0.00323EPSS
Exploits0References1Affected Software3
Vulnrichment
Vulnrichment
added 2025/04/08 5:33 a.m.9 views

CVE-2024-47261

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device...

4.3CVSS7.1AI score0.00323EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.9 views

PT-2025-15356 · Axis Communications · Vapix Device Configuration Framework

Name of the Vulnerable Software and Affected Versions: Axis Communications VAPIX Device Configuration framework affected versions not specified Description: The issue concerns a flaw in the VAPIX Device Configuration framework, allowing unauthenticated username enumeration. This is achieved throu...

4.3CVSS6.3AI score0.00283EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/03/06 5:51 a.m.5 views

CVE-2024-47260

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for the...

6.5CVSS7AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/06 5:50 a.m.8 views

CVE-2024-47262

Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not...

5.3CVSS7AI score0.00334EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/06 5:43 a.m.11 views

CVE-2025-0360

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API...

7.8CVSS7AI score0.00137EPSS
Exploits0References1
OSV
OSV
added 2025/03/04 6:15 a.m.3 views

CVE-2025-0360

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API...

7.8CVSS5.8AI score0.00137EPSS
Exploits0References1
Rows per page
Query Builder