Vulnerabilities > Axis > Axis OS 2016 > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-16 CVE-2023-21415 Path Traversal vulnerability in Axis products
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion.
network
low complexity
axis CWE-22
8.1
2021-10-05 CVE-2021-31987 Unspecified vulnerability in Axis products
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients.
network
high complexity
axis
7.5
2021-10-05 CVE-2021-31988 Injection vulnerability in Axis products
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.
network
low complexity
axis CWE-74
8.8