2341
|
8.1 |
HIGH
Network
|
axis
|
axis_os_2022 axis_os_2018 axis_os_2020 axis_os axis_os_2016
|
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allow for file deletion. This flaw can only be explo…
|
CWE-22
Path Traversal
|
CVE-2023-21415
|
2024-11-8 18:15 |
2023-10-16 |
|
2342
|
6.8 |
MEDIUM
Physical
|
axis
|
axis_os
|
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provid…
|
NVD-CWE-noinfo
|
CVE-2023-21414
|
2024-11-8 18:15 |
2023-10-16 |
|
2343
|
7.2 |
HIGH
Network
|
axis
|
axis_os
|
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS O…
|
CWE-77
Command Injection
|
CVE-2023-21413
|
2024-11-8 18:15 |
2023-10-16 |
|
2344
|
8.8 |
HIGH
Network
|
axis
|
license_plate_verifier
|
User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections.
|
CWE-89
SQL Injection
|
CVE-2023-21412
|
2024-11-8 18:15 |
2023-08-3 |
|
2345
|
8.8 |
HIGH
Network
|
axis
|
license_plate_verifier
|
User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution.
|
NVD-CWE-noinfo
|
CVE-2023-21411
|
2024-11-8 18:15 |
2023-08-3 |
|
2346
|
8.8 |
HIGH
Network
|
axis
|
license_plate_verifier
|
User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution.
|
NVD-CWE-noinfo
|
CVE-2023-21410
|
2024-11-8 18:15 |
2023-08-3 |
|
2347
|
8.8 |
HIGH
Adjacent
|
axis
|
a1001_firmware
|
Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which is handling the OSDP commu…
|
CWE-787
Out-of-bounds Write
|
CVE-2023-21406
|
2024-11-8 18:15 |
2023-07-25 |
|
2348
|
8.8 |
HIGH
Network
|
axis
|
m3024-lve_firmware m3025-ve_firmware m7014_firmware m7016_firmware p1214-e_firmware p7214_firmware p7216_firmware q7401_firmware q7404_firmware q7414_firmware q7424-r_mk…
|
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be explo…
|
CWE-94
Code Injection
|
CVE-2023-5677
|
2024-11-8 18:15 |
2024-02-5 |
|
2349
|
7.1 |
HIGH
Network
|
axis
|
axis_os_2018 axis_os axis_os_2022 axis_os_2020
|
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allow for file deletion. This flaw can only be exploi…
|
CWE-22
Path Traversal
|
CVE-2023-21418
|
2024-11-8 18:15 |
2023-11-21 |
|
2350
|
7.1 |
HIGH
Network
|
axis
|
axis_os axis_os_2022 axis_os_2020
|
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allow for file/folder deletion. This flaw c…
|
CWE-22
Path Traversal
|
CVE-2023-21417
|
2024-11-8 18:15 |
2023-11-21 |
|