Vulnerabilities > Axis > Axis OS 2020

DATE CVE VULNERABILITY TITLE RISK
2024-02-05 CVE-2023-5800 Code Injection vulnerability in Axis OS
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution.
network
low complexity
axis CWE-94
8.8
2023-11-21 CVE-2023-21417 Path Traversal vulnerability in Axis OS
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion.
network
low complexity
axis CWE-22
7.1
2023-11-21 CVE-2023-21418 Path Traversal vulnerability in Axis products
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion.
network
low complexity
axis CWE-22
7.1
2023-10-16 CVE-2023-21415 Path Traversal vulnerability in Axis products
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion.
network
low complexity
axis CWE-22
8.1
2021-10-05 CVE-2021-31986 Out-of-bounds Write vulnerability in Axis products
User controlled parameters related to SMTP notifications are not correctly validated.
network
high complexity
axis CWE-787
6.8
2021-10-05 CVE-2021-31987 Unspecified vulnerability in Axis products
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients.
network
high complexity
axis
7.5
2021-10-05 CVE-2021-31988 Injection vulnerability in Axis products
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.
network
low complexity
axis CWE-74
8.8