Lucene search
K

18 matches found

NVD
NVD
added 2024/03/19 7:15 a.m.18 views

CVE-2024-0055

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis...

6.5CVSS6.5AI score0.00596EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/19 6:39 a.m.16 views

CVE-2024-0055

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis...

6.5CVSS6.5AI score0.00596EPSS
Exploits0References1
CVE
CVE
added 2024/03/19 6:39 a.m.93 views

CVE-2024-0055

The CVE-2024-0055 entry concerns AXIS OS where the VAPIX endpoints mediaclip.cgi and playclip.cgi are vulnerable to file globbing, enabling a resource-exhaustion (DoS) condition. Affected software is AXIS OS; the issue is fixed in patched AXIS OS versions as per Axis advisory. Connected sources c...

6.5CVSS6.5AI score0.00596EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2024/03/19 6:35 a.m.12 views

CVE-2024-0054

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs locallist.cgi, createoverlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please...

6.5CVSS6.5AI score0.00572EPSS
Exploits0References1
CVE
CVE
added 2024/03/19 6:35 a.m.115 views

CVE-2024-0054

CVE-2024-0054 affects Axis OS: the VAPIX endpoints local_list.cgi, create_overlay.cgi and irissetup.cgi are vulnerable to file globbing, enabling a resource-exhaustion DoS. The issue is rooted in how these APIs handle globbing, with exploitation described in Axis advisories and vendor-confirmed p...

6.5CVSS6.5AI score0.00572EPSS
Exploits0References1
NVD
NVD
added 2023/11/21 7:15 a.m.19 views

CVE-2023-21418

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact...

7.1CVSS0.00668EPSS
Exploits0References1
NVD
NVD
added 2023/11/21 7:15 a.m.26 views

CVE-2023-21416

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

7.1CVSS0.00668EPSS
Exploits0References1
Prion
Prion
added 2023/11/21 7:15 a.m.20 views

Path traversal

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact...

5.5CVSS7AI score0.00668EPSS
Exploits0References1Affected Software4
Prion
Prion
added 2023/11/21 7:15 a.m.26 views

Design/Logic Flaw

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

4CVSS7AI score0.00668EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/11/21 6:56 a.m.14 views

CVE-2023-21418

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact...

7.1CVSS7.1AI score0.00668EPSS
Exploits0References1
CVE
CVE
added 2023/11/21 6:56 a.m.52 views

CVE-2023-21418

AXIS OS vulnerability CVE-2023-21418 affects the VAPIX API irissetup.cgi, where path traversal could delete files. Exploitation requires authentication with an operator- or administrator-privileged service account, with impact higher on administrator privileges and lower on operator accounts (non...

7.1CVSS6.9AI score0.00668EPSS
Exploits0References1Affected Software4
Cvelist
Cvelist
added 2023/11/21 6:53 a.m.23 views

CVE-2023-21417

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service...

7.1CVSS7AI score0.00668EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/21 6:49 a.m.13 views

CVE-2023-21416

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

7.1CVSS6.6AI score0.00668EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/21 6:49 a.m.27 views

CVE-2023-21416

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

7.1CVSS7.1AI score0.00668EPSS
Exploits0References1
NVD
NVD
added 2023/10/16 7:15 a.m.18 views

CVE-2023-21415

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlaydel.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has...

8.1CVSS7AI score0.0059EPSS
Exploits0References1
Prion
Prion
added 2023/10/16 7:15 a.m.19 views

Path traversal

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlaydel.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has...

5.5CVSS7.9AI score0.0059EPSS
Exploits0References1Affected Software5
CVE
CVE
added 2023/10/16 6:24 a.m.49 views

CVE-2023-21415

CVE-2023-21415 concerns AXIS OS: the VAPIX API endpoint overlay_del.cgi is vulnerable to a path traversal that allows deleting arbitrary files. Exploitation requires authentication with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions to address...

8.1CVSS7.2AI score0.0059EPSS
Exploits0References1Affected Software5
Vulnrichment
Vulnrichment
added 2023/10/16 6:24 a.m.16 views

CVE-2023-21415

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlaydel.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has...

6.5CVSS7.3AI score0.0059EPSS
Exploits0References1
Rows per page
Query Builder