1831
|
6.5 |
MEDIUM
Network
|
axis
|
axis_os axis_os_2022
|
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the ov…
|
NVD-CWE-noinfo
|
CVE-2023-21416
|
2024-11-8 18:15 |
2023-11-21 |
|
|
1832
|
8.1 |
HIGH
Network
|
axis
|
axis_os_2022 axis_os_2018 axis_os_2020 axis_os axis_os_2016
|
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be explo…
|
CWE-22
Path Traversal
|
CVE-2023-21415
|
2024-11-8 18:15 |
2023-10-16 |
|
|
1833
|
6.8 |
MEDIUM
Physical
|
axis
|
axis_os
|
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provid…
|
NVD-CWE-noinfo
|
CVE-2023-21414
|
2024-11-8 18:15 |
2023-10-16 |
|
|
1834
|
7.2 |
HIGH
Network
|
axis
|
axis_os
|
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS O…
|
CWE-77
Command Injection
|
CVE-2023-21413
|
2024-11-8 18:15 |
2023-10-16 |
|
|
1835
|
8.8 |
HIGH
Network
|
axis
|
license_plate_verifier
|
User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections.
|
CWE-89
SQL Injection
|
CVE-2023-21412
|
2024-11-8 18:15 |
2023-08-3 |
|
|
1836
|
8.8 |
HIGH
Network
|
axis
|
license_plate_verifier
|
User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution.
|
NVD-CWE-noinfo
|
CVE-2023-21411
|
2024-11-8 18:15 |
2023-08-3 |
|
|
1837
|
8.8 |
HIGH
Network
|
axis
|
license_plate_verifier
|
User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution.
|
NVD-CWE-noinfo
|
CVE-2023-21410
|
2024-11-8 18:15 |
2023-08-3 |
|
|
1838
|
8.8 |
HIGH
Adjacent
|
axis
|
a1001_firmware
|
Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which is handling the OSDP commu…
|
CWE-787
Out-of-bounds Write
|
CVE-2023-21406
|
2024-11-8 18:15 |
2023-07-25 |
|
|
1839
|
5.3 |
MEDIUM
Network
|
axis
|
axis_os
|
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to comp…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2023-21404
|
2024-11-8 18:15 |
2023-05-9 |
|
|
|
1840
|
8.8 |
HIGH
Network
|
axis
|
m3024-lve_firmware m3025-ve_firmware m7014_firmware m7016_firmware p1214-e_firmware p7214_firmware p7216_firmware q7401_firmware q7404_firmware q7414_firmware q7424-r_mk…
|
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be explo…
|
CWE-94
Code Injection
|
CVE-2023-5677
|
2024-11-8 18:15 |
2024-02-5 |
|
|