Vulnerabilities > Axis > Axis OS > 10.6.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2023-5800 | Code Injection vulnerability in Axis OS Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. | 8.8 |
| 2023-11-21 | CVE-2023-21416 | Unspecified vulnerability in Axis OS Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. | 6.5 |
| 2023-11-21 | CVE-2023-21417 | Path Traversal vulnerability in Axis OS Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. | 7.1 |
| 2023-11-21 | CVE-2023-21418 | Path Traversal vulnerability in Axis products Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. | 7.1 |
| 2023-10-16 | CVE-2023-21414 | Unspecified vulnerability in Axis OS NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. low complexity axis | 6.8 |
| 2023-07-25 | CVE-2023-21405 | Unspecified vulnerability in Axis products Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors cannot be opened or closed. low complexity axis | 6.5 |
| 2021-10-05 | CVE-2021-31986 | Out-of-bounds Write vulnerability in Axis products User controlled parameters related to SMTP notifications are not correctly validated. | 4.0 |
| 2021-10-05 | CVE-2021-31987 | Unspecified vulnerability in Axis products A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients. | 5.1 |
| 2021-10-05 | CVE-2021-31988 | Injection vulnerability in Axis products A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email. | 6.8 |