Filtered by vendor Axis
Subscriptions
Total
66 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-10660 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-08-05 | N/A |
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. | ||||
CVE-2018-10659 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-08-05 | N/A |
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction. | ||||
CVE-2018-10661 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-08-05 | N/A |
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control. | ||||
CVE-2018-10662 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-08-05 | N/A |
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface. | ||||
CVE-2018-10664 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-08-05 | N/A |
An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption. | ||||
CVE-2018-10658 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-08-05 | N/A |
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar. | ||||
CVE-2018-9158 | 1 Axis | 2 M1033-w, M1033-w Firmware | 2024-08-05 | N/A |
An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are interrupted from attack start to end. | ||||
CVE-2021-31988 | 1 Axis | 4 Axis Os, Axis Os 2016, Axis Os 2018 and 1 more | 2024-08-03 | 8.8 High |
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email. | ||||
CVE-2021-31989 | 1 Axis | 1 Device Manager | 2024-08-03 | 5.3 Medium |
A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices. | ||||
CVE-2021-31986 | 1 Axis | 4 Axis Os, Axis Os 2016, Axis Os 2018 and 1 more | 2024-08-03 | 6.8 Medium |
User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. | ||||
CVE-2021-31987 | 1 Axis | 4 Axis Os, Axis Os 2016, Axis Os 2018 and 1 more | 2024-08-03 | 7.5 High |
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients. | ||||
CVE-2022-28860 | 2 Axis, Citilog | 2 M1125, Citilog | 2024-08-03 | 5.9 Medium |
An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera. | ||||
CVE-2022-28861 | 2 Axis, Citilog | 2 M1125, Citilog | 2024-08-03 | 5.9 Medium |
The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server. | ||||
CVE-2022-23410 | 1 Axis | 1 Ip Utility | 2024-08-03 | 7.8 High |
AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder. | ||||
CVE-2023-22984 | 1 Axis | 2 207w, 207w Firmware | 2024-08-02 | 6.1 Medium |
A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL. | ||||
CVE-2023-21408 | 1 Axis | 1 License Plate Verifier | 2024-08-02 | 8.4 High |
Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems. | ||||
CVE-2023-21412 | 1 Axis | 1 License Plate Verifier | 2024-08-02 | 7.2 High |
User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections. | ||||
CVE-2023-21407 | 1 Axis | 1 License Plate Verifier | 2024-08-02 | 8.8 High |
A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges. | ||||
CVE-2023-21410 | 1 Axis | 1 License Plate Verifier | 2024-08-02 | 7.2 High |
User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution. | ||||
CVE-2023-21411 | 1 Axis | 1 License Plate Verifier | 2024-08-02 | 7.2 High |
User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution. |