Lucene search

13 matches found

Cvelist
added 2024/11/26 7:24 a.m. | 29 views

CVE-2024-8772

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

CVSS 4.3 | EPSS 0.00418
Exploits: 0 | References: 1

NVD
added 2024/09/10 6:15 a.m. | 13 views

CVE-2024-6979

Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of...

CVSS 7.5 | EPSS 0.0029
Exploits: 1 | References: 1

NVD
added 2024/09/10 5:15 a.m. | 23 views

CVE-2024-6509

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security...

CVSS 6.5 | EPSS 0.00391
Exploits: 0 | References: 1

Cvelist
added 2024/09/10 5:7 a.m. | 16 views

CVE-2024-6979

Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of...

CVSS 6.8 | EPSS 0.0029
Exploits: 1 | References: 1

CVE
added 2024/09/10 5:7 a.m. | 47 views

CVE-2024-6979

CVE-2024-6979 affects Axis OS, where a broken access control could allow less-privileged operator- and/or viewer-accounts to gain higher privileges. The issue is described as requiring complex steps and social engineering to trigger administrator configurations, with exploitation risk considered ...

CVSS 7.5 | AI score 6.9 | EPSS 0.0029
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2024/09/10 5:3 a.m. | 76 views

CVE-2024-6173

CVE-2024-6173 concerns Axis OS: a Guard Tour VAPIX API parameter allows arbitrary values, enabling an attacker to block access to the guard tour configuration page in the Axis web interface. Reported by AXIS OS Bug Bounty participant, the flaw’s impact is described as blocking access (availabilit...

CVSS 6.5 | AI score 6.5 | EPSS 0.00391
Exploits: 0 | References: 1

Vulnrichment
added 2024/09/10 4:58 a.m. | 14 views

CVE-2024-6509

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security...

CVSS 6.5 | AI score 7 | EPSS 0.00391
Exploits: 0 | References: 1

Vulnrichment
added 2024/03/19 6:39 a.m. | 15 views

CVE-2024-0055

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis...

CVSS 6.5 | AI score 6.5 | EPSS 0.00596
Exploits: 0 | References: 1

NVD
added 2023/11/21 7:15 a.m. | 19 views

CVE-2023-21418

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact...

CVSS 7.1 | EPSS 0.00668
Exploits: 0 | References: 1

Cvelist
added 2023/11/21 6:56 a.m. | 14 views

CVE-2023-21418

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact...

CVSS 7.1 | AI score 7.1 | EPSS 0.00668
Exploits: 0 | References: 1

CVE
added 2023/11/21 6:56 a.m. | 52 views

CVE-2023-21418

AXIS OS vulnerability CVE-2023-21418 affects the VAPIX API irissetup.cgi, where path traversal could delete files. Exploitation requires authentication with an operator- or administrator-privileged service account, with impact higher on administrator privileges and lower on operator accounts (non...

CVSS 7.1 | AI score 6.9 | EPSS 0.00668
Exploits: 0 | References: 1 | Affected Software: 4

Cvelist
added 2023/11/21 6:53 a.m. | 23 views

CVE-2023-21417

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service...

CVSS 7.1 | AI score 7 | EPSS 0.00668
Exploits: 0 | References: 1

Vulnrichment
added 2023/10/16 6:24 a.m. | 16 views

CVE-2023-21415

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlaydel.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has...

CVSS 6.5 | AI score 7.3 | EPSS 0.0059
Exploits: 0 | References: 1