CVE-2024-6979
Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of...
CVE-2024-6509
Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security...
CVE-2024-6173
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour configuration page in the web interface of the Axis device. Axis has released patched AXIS OS versions...
CVE-2024-0067
Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer...
CVE-2024-6979
CVE-2024-6979 affects Axis OS, where a broken access control could allow less-privileged operator- and/or viewer-accounts to gain higher privileges. The issue is described as requiring complex steps and social engineering to trigger administrator configurations, with exploitation risk considered ...
CVE-2024-6173
CVE-2024-6173 concerns Axis OS: a Guard Tour VAPIX API parameter allows arbitrary values, enabling an attacker to block access to the guard tour configuration page in the Axis web interface. Reported by AXIS OS Bug Bounty participant, the flaw’s impact is described as blocking access (availabilit...
CVE-2024-6509
AXIS OS CVE-2024-6509 affects the VAPIX API endpoint alwaysmulti.cgi. The issue is a file globbing vulnerability that could lead to resource exhaustion on Axis devices. Affected product: AXIS OS (versions 6.50–11.11 cited by CNNVD/PT security sources). Root cause: improper handling of file globbi...
AXIS OS Security Vulnerability
AXIS OS is an edge device operating system from Axis Sweden. A security vulnerability exists in AXIS OS versions 6.50 through 11.10, which stems from the Guard Tour VAPIX API parameter that allows the use of arbitrary values...
AXIS OS Security Vulnerability
AXIS OS is an edge device operating system from Axis Sweden. A security vulnerability exists in AXIS OS version 11.11 that stems from an access control error. An attacker can escalate privileges by exploiting the vulnerability...
AXIS OS Security Vulnerability
AXIS OS is an edge device operating system from Axis Sweden. A security vulnerability exists in AXIS OS versions 8.40 through 11.10. An attacker exploiting the vulnerability could enumerate folder or file names on the local file system...
PT-2024-37679 · Axis · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS (affected versions not specified). Description: The VAPIX API alwaysmulti.cgi is vulnerable to file globbing, which could lead to resource exhaustion of the Axis device. The issue was discovered by Marinus Pfund, a member of the AXIS OS...
PT-2024-37433 · Axis · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS (affected versions not specified). Description: A Guard Tour VAPIX API parameter in Axis devices allows the use of arbitrary values, enabling an attacker to block access to the guard tour configuration page in the web interface. Axis has...
PT-2024-38578 · Axis Communications · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS (affected versions not specified). Description: A flaw was found in the protection for device tampering, commonly known as Secure Boot, in AXIS OS, making it vulnerable to a sophisticated attack to bypass this protection. To the vendor's...