45 matches found
Axis Communications AXIS OS Improper Validation of Syntactic Correctness of Input (CVE-2024-8160)
A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection to transfer files to/from the Axis device. This flaw can only be exploited after authenticating with an...
Axis Communications AXIS OS Path Traversal (CVE-2024-0067)
A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for this flaw. This plugin only works with...
Axis Communications AXIS OS Improper Validation of Syntactic Correctness of Input (CVE-2024-8772)
A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack enabling an attacker to block access to the overlay configuration page in the web interface of the Axis device. Exploitation requires prior authentication...
Axis Communications AXIS OS Improper Restriction of Names for Files and Other Resources (CVE-2024-47260)
Lasse Trind, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for thi...
Unspecified Vulnerability in AXIS OS
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS suffers from a security vulnerability that stems from a third-party component exposing passwords in process parameters, which can be exploited by an attacker to cause low-privilege user access...
AXIS OS 安全漏洞
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS suffers from a security vulnerability that stems from a symbolic link attack that could lead to elevation of privilege...
AXIS OS 安全漏洞
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS has a security vulnerability that stems from insufficient validation of ACAP configuration file inputs, which could lead to arbitrary code execution...
AXIS OS 安全漏洞
AXIS OS is an edge device operating system from Swedish company Axis AXIS. AXIS OS has a security vulnerability that stems from improper configuration file permissions and insufficient input validation, which could lead to elevated privileges...
AXIS OS 安全漏洞
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS suffers from a security vulnerability that stems from a third-party component exposing passwords in process parameters, which can be exploited by an attacker to cause low-privilege user access...
AXIS OS 安全漏洞
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS has a security vulnerability that stems from insufficient input validation, which could lead to process crashes and affect availability...
AXIS OS 安全漏洞
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS suffers from a security vulnerability that stems from an escalation of privilege issue that could result in a VAPIX Administrator privileged user gaining Linux Root privileges...
AXIS OS 安全漏洞
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS has a security vulnerability that originates from a malicious ACAP application that can obtain administrator-level service account credentials used by a legitimate ACAP application, potentially resulting in elevated privileges f...
AXIS OS 安全漏洞
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS has a security vulnerability that stems from insufficient validation of ACAP configuration file inputs, which could lead to path traversal attacks and elevation of privilege...
EUVD-2024-47313
Malicious code in bioql PyPI...
PT-2025-32626 · Axis · Axis
Name of the Vulnerable Software and Affected Versions: Axis affected versions not specified Description: ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This issue can only be exploited if the Axis device is configured to allow the...
The vulnerability of the Device Configuration component in the APIX application programming interface of the AXIS OS operating system allows a perpetrator to increase their privileges.
The vulnerability of the Device Configuration component in the APIX application programming interface of the AXIS OS operating system is related to incomplete filtering of specific elements. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...
AXIS OS 安全漏洞
AXIS OS is an edge device operating system from Axis Sweden AXIS. A security vulnerability exists in AXIS OS versions 6.50 through 12.3, which stems from a parameter that allows arbitrary values and could result in blocking access to the guard patrol configuration page of an Axis device...
AXIS OS 安全漏洞
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS has a security vulnerability that originates from allowing an attacker to obtain a system username via the VAPIX Device Configuration SSH Management API...
CVE-2025-0359
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please...
AXIS OS 代码问题漏洞
AXIS OS is an edge device operating system from Swedish company Axis AXIS. AXIS OS suffers from a security vulnerability that stems from insufficient input validation, which could lead to command injection and resource exhaustion...