6 matches found
EUVD-2024-47593
Malicious code in bioql PyPI...
EUVD-2024-42777
Malicious code in bioql PyPI...
CVE-2024-47259
Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Ax...
CVE-2024-47262
CVE-2024-47262 describes a race condition in Axis VAPIX API param.cgi that can block access to the web interface of Axis devices running AXIS OS. Affected component: VAPIX param.cgi; affected product family: Axis with AXIS OS (specific versions not enumerated in the provided documents). Root caus...
CVE-2023-5553
During internal Axis Security Development Model ASDM threat-modelling, a flaw was found in the protection for device tampering commonly known as Secure Boot in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the...
CVE-2023-21415
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlaydel.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has...