|
2351
|
- |
|
-
|
-
|
Marinus Pfund, member of the AXIS OS Bug Bounty Program,
has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device.
Axis ha…
|
-
|
CVE-2024-6509
|
2024-11-8 18:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2352
|
- |
|
-
|
-
|
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour confi…
|
-
|
CVE-2024-6173
|
2024-11-8 18:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2353
|
- |
|
-
|
-
|
Marinus Pfund, member of the AXIS OS Bug Bounty Program,
has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of…
|
-
|
CVE-2024-0067
|
2024-11-8 18:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2354
|
- |
|
-
|
-
|
Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client (Axis device) and (O3C) server. If O3C is not being used this …
|
-
|
CVE-2024-0066
|
2024-11-8 18:15 |
2024-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2355
|
- |
|
-
|
-
|
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack.…
|
-
|
CVE-2024-0055
|
2024-11-8 18:15 |
2024-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2356
|
- |
|
-
|
-
|
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a resou…
|
-
|
CVE-2024-0054
|
2024-11-8 18:15 |
2024-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2357
|
8.8 |
HIGH
Network
|
axis
|
axis_os
axis_os_2022
axis_os_2020
|
Vintage,
member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi
did not have a sufficient input validation allowing for a possible remote code
execution. This flaw …
|
CWE-94
Code Injection
|
CVE-2023-5800
|
2024-11-8 18:15 |
2024-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2358
|
6.8 |
MEDIUM
Physics
|
axis
|
axis_os_2022
axis_os
|
During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a s…
|
NVD-CWE-noinfo
|
CVE-2023-5553
|
2024-11-8 18:15 |
2023-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2359
|
6.5 |
MEDIUM
Network
|
axis
|
axis_os
axis_os_2022
|
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the ov…
|
NVD-CWE-noinfo
|
CVE-2023-21416
|
2024-11-8 18:15 |
2023-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2360
|
8.1 |
HIGH
Network
|
axis
|
axis_os_2022
axis_os_2018
axis_os_2020
axis_os
axis_os_2016
|
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be explo…
|
CWE-22
Path Traversal
|
CVE-2023-21415
|
2024-11-8 18:15 |
2023-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
