Lucene search
K

6 matches found

CVE
CVE
added 2025/03/04 5:24 a.m.121 views

CVE-2025-0360

CVE-2025-0360 affects Axis VAPIX Device Configuration framework; flaw could yield an incorrect privilege level for the VAPIX service account D-Bus API. Reported during a penetration test, the CVSSv3.1 vector indicates Local attacker, Low privileges required, No user interaction, with Confidential...

7.8CVSS6.9AI score0.00137EPSS
CVE
CVE
added 2024/11/26 7:27 a.m.104 views

CVE-2024-8160

Summary (CVE-2024-8160) : The vulnerability affects Axis OS (AXIS OS) versions prior to the patched release. The flaw resides in the VAPIX API’s ftptest.cgi due to insufficient input validation, enabling a possible command injection that could allow transferring files to/from the Axis device. Exp...

3.8CVSS7.3AI score0.00614EPSS
CVE
CVE
added 2025/03/04 5:15 a.m.102 views

CVE-2024-47259

CVE-2024-47259 affects Axis OS: VAPIX API endpoint dynamicoverlay.cgi with insufficient input validation that enables command injection, enabling potential file transfers to the Axis device and resource exhaustion. Axis has released patched AXIS OS versions; refer to Axis security advisory for de...

7.1CVSS7.4AI score0.00555EPSS
CVE
CVE
added 2025/04/08 5:33 a.m.102 views

CVE-2024-47261

The CVE-2024-47261 entry describes a vulnerability in Axis OS devices where the VAPIX API endpoint uploadoverlayimage.cgi lacks sufficient input validation. This allows an attacker to upload files that can block access to create image overlays in the device’s web interface. Affected product scope...

4.3CVSS7.1AI score0.00323EPSS
CVE
CVE
added 2025/04/08 5:38 a.m.90 views

CVE-2025-0361

CVE-2025-0361 describes a vulnerability in Axis Communications’ VAPIX Device Configuration framework where unauthenticated username enumeration is possible via the VAPIX Device Configuration SSH Management API. Affected component is the VAPIX Device Configuration framework (Axis OS context cited ...

5.3CVSS7.2AI score0.00283EPSS
CVE
CVE
added 2025/03/04 5:21 a.m.62 views

CVE-2025-0359

CVE-2025-0359 concerns Axis OS/ACAP: a flaw in the ACAP Application framework allowed applications to access restricted D-Bus methods. The issue stems from insufficient access control in the framework, exposing sensitive IPC interfaces. Axis has released patched AXIS OS versions; refer to Axis se...

8.5CVSS8.4AI score0.00132EPSS