|
1841
|
7.8 |
HIGH
Local
|
axis
|
ip_utility
|
AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working director…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2022-23410
|
2024-11-8 18:15 |
2022-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1842
|
8.8 |
HIGH
Network
|
axis
|
axis_os_2020
axis_os_2018
axis_os_2016
axis_os
|
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary S…
|
CWE-74
Injection
|
CVE-2021-31988
|
2024-11-8 18:15 |
2021-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1843
|
7.5 |
HIGH
Network
|
axis
|
axis_os_2020
axis_os_2018
axis_os_2016
axis_os
|
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients.
|
NVD-CWE-Other
|
CVE-2021-31987
|
2024-11-8 18:15 |
2021-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1844
|
7.1 |
HIGH
Network
|
axis
|
axis_os_2018
axis_os
axis_os_2022
axis_os_2020
|
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploi…
|
CWE-22
Path Traversal
|
CVE-2023-21418
|
2024-11-8 18:15 |
2023-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1845
|
7.1 |
HIGH
Network
|
axis
|
axis_os
axis_os_2022
axis_os_2020
|
Sandro Poppi, member of the AXIS OS Bug Bounty Program,
has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw c…
|
CWE-22
Path Traversal
|
CVE-2023-21417
|
2024-11-8 18:15 |
2023-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1846
|
6.5 |
MEDIUM
Adjacent
|
axis
|
a1001_firmware
a1210_\(-b\)_firmware
a1601_firmware
a1610_\(-b\)_firmware
axis_os
|
Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network
Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes
the pacsiod proc…
|
NVD-CWE-noinfo
|
CVE-2023-21405
|
2024-11-8 18:15 |
2023-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1847
|
6.8 |
MEDIUM
Network
|
axis
|
axis_os_2020
axis_os_2018
axis_os_2016
axis_os
|
User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage.
|
CWE-787
Out-of-bounds Write
|
CVE-2021-31986
|
2024-11-8 18:15 |
2021-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1848
|
5.3 |
MEDIUM
Network
|
axis
|
device_manager
|
A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The mem…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2021-31989
|
2024-11-8 18:15 |
2021-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1849
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
udf: refactor inode_bmap() to handle error
Refactor inode_bmap() to handle error since udf_next_aext() can return
error now. On s…
|
-
|
CVE-2024-50211
|
2024-11-8 15:15 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1850
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ring-buffer: Fix reader locking when changing the sub buffer order
The function ring_buffer_subbuf_order_set() updates each
ring_…
|
-
|
CVE-2024-50207
|
2024-11-8 15:15 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
