Lucene search
K

164 matches found

NVD
NVD
added 2025/03/04 6:15 a.m.13 views

CVE-2025-0360

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API...

7.8CVSS0.00137EPSS
Exploits0References1
NVD
NVD
added 2025/03/04 6:15 a.m.12 views

CVE-2024-47262

Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not...

5.3CVSS0.00334EPSS
Exploits0References1
NVD
NVD
added 2025/03/04 6:15 a.m.11 views

CVE-2024-47260

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for the...

6.5CVSS0.00374EPSS
Exploits0References1
OSV
OSV
added 2025/03/04 6:15 a.m.5 views

CVE-2024-47259

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Ax...

7.1CVSS5.8AI score0.00555EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/04 5:24 a.m.14 views

CVE-2025-0360

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API...

7.8CVSS0.00137EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/04 5:24 a.m.7 views

CVE-2025-0360

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API...

7.8CVSS7.6AI score0.00137EPSS
Exploits0References1
CVE
CVE
added 2025/03/04 5:24 a.m.121 views

CVE-2025-0360

CVE-2025-0360 affects Axis VAPIX Device Configuration framework; flaw could yield an incorrect privilege level for the VAPIX service account D-Bus API. Reported during a penetration test, the CVSSv3.1 vector indicates Local attacker, Low privileges required, No user interaction, with Confidential...

7.8CVSS6.9AI score0.00137EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2025/03/04 5:19 a.m.101 views

CVE-2024-47262

CVE-2024-47262 describes a race condition in Axis VAPIX API param.cgi that can block access to the web interface of Axis devices running AXIS OS. Affected component: VAPIX param.cgi; affected product family: Axis with AXIS OS (specific versions not enumerated in the provided documents). Root caus...

5.3CVSS6.8AI score0.00334EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/04 5:19 a.m.7 views

CVE-2024-47262

Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not...

5.3CVSS5.3AI score0.00334EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/04 5:19 a.m.14 views

CVE-2024-47262

Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not...

5.3CVSS0.00334EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/04 5:17 a.m.9 views

CVE-2024-47260

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for the...

6.5CVSS0.00374EPSS
Exploits0References1
CVE
CVE
added 2025/03/04 5:17 a.m.81 views

CVE-2024-47260

The CVE-2024-47260 entry relates to Axis AXIS OS devices where the VAPIX API mediaclip.cgi lacked sufficient input validation, enabling an attacker to upload more audio clips than intended and causing memory exhaustion on the device. This is supported by Axis security advisories noting patched AX...

6.5CVSS6.8AI score0.00374EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/04 5:17 a.m.4 views

CVE-2024-47260

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for the...

6.5CVSS6.5AI score0.00374EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/04 5:15 a.m.4 views

CVE-2024-47259

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Ax...

3.5CVSS4.6AI score0.00555EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/04 5:15 a.m.11 views

CVE-2024-47259

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Ax...

3.5CVSS0.00555EPSS
Exploits0References1
NVD
NVD
added 2024/11/26 8:15 a.m.20 views

CVE-2024-8160

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticati...

3.8CVSS0.00614EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/26 7:27 a.m.22 views

CVE-2024-8160

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticati...

3.8CVSS0.00614EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/26 7:27 a.m.10 views

CVE-2024-8160

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticati...

3.8CVSS7.2AI score0.00614EPSS
Exploits0References1
CVE
CVE
added 2024/11/26 7:27 a.m.103 views

CVE-2024-8160

Summary (CVE-2024-8160) : The vulnerability affects Axis OS (AXIS OS) versions prior to the patched release. The flaw resides in the VAPIX API’s ftptest.cgi due to insufficient input validation, enabling a possible command injection that could allow transferring files to/from the Axis device. Exp...

3.8CVSS7.3AI score0.00614EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2024/11/26 7:24 a.m.29 views

CVE-2024-8772

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

4.3CVSS0.00418EPSS
Exploits0References1
Rows per page
Query Builder