2601
|
8.8 |
HIGH
Network
|
axis
|
license_plate_verifier
|
User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for
arbitrary code execution.
|
NVD-CWE-noinfo
|
CVE-2023-21411
|
2024-11-8 18:15 |
2023-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2602
|
8.8 |
HIGH
Network
|
axis
|
license_plate_verifier
|
User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for
arbitrary code execution.
|
NVD-CWE-noinfo
|
CVE-2023-21410
|
2024-11-8 18:15 |
2023-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2603
|
8.8 |
HIGH
Adjacent
|
axis
|
a1001_firmware
|
Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when
communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which
is handling the OSDP commu…
|
CWE-787
Out-of-bounds Write
|
CVE-2023-21406
|
2024-11-8 18:15 |
2023-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2604
|
5.3 |
MEDIUM
Network
axis
|
axis_os
|
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to comp…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2023-21404
|
2024-11-8 18:15 |
2023-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2605
|
7.8 |
HIGH
Local
|
axis
|
ip_utility
|
AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working director…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2022-23410
|
2024-11-8 18:15 |
2022-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2606
|
8.8 |
HIGH
Network
|
axis
|
axis_os_2020 axis_os_2018 axis_os_2016 axis_os
|
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary S…
|
CWE-74
Injection
|
CVE-2021-31988
|
2024-11-8 18:15 |
2021-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2607
|
7.5 |
HIGH
Network
|
axis
|
axis_os_2020 axis_os_2018 axis_os_2016 axis_os
|
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients.
|
NVD-CWE-Other
|
CVE-2021-31987
|
2024-11-8 18:15 |
2021-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2608
|
6.8 |
MEDIUM
Network
|
axis
|
axis_os_2020 axis_os_2018 axis_os_2016 axis_os
|
User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage.
|
CWE-787
Out-of-bounds Write
|
CVE-2021-31986
|
2024-11-8 18:15 |
2021-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2609
|
8.8 |
HIGH
Network
|
axis
|
m3024-lve_firmware m3025-ve_firmware m7014_firmware m7016_firmware p1214-e_firmware p7214_firmware p7216_firmware q7401_firmware q7404_firmware q7414_firmware q7424-r_mk…
|
Brandon
Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi
did not have a sufficient input validation allowing for a possible remote code
execution. This flaw can only be explo…
|
CWE-94
Code Injection
|
CVE-2023-5677
|
2024-11-8 18:15 |
2024-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2610
|
7.1 |
HIGH
Network
|
axis
|
axis_os_2018 axis_os axis_os_2022 axis_os_2020
|
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploi…
|
CWE-22
Path Traversal
|
CVE-2023-21418
|
2024-11-8 18:15 |
2023-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|