Vulnerabilities > Axis
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-03 | CVE-2023-21408 | Improper Handling of Exceptional Conditions vulnerability in Axis License Plate Verifier Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems. | 9.8 |
| 2023-08-03 | CVE-2023-21409 | Improper Handling of Exceptional Conditions vulnerability in Axis License Plate Verifier Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application. | 9.8 |
| 2023-08-03 | CVE-2023-21410 | Unspecified vulnerability in Axis License Plate Verifier User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution. | 8.8 |
| 2023-08-03 | CVE-2023-21411 | Unspecified vulnerability in Axis License Plate Verifier User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution. | 8.8 |
| 2023-08-03 | CVE-2023-21412 | SQL Injection vulnerability in Axis License Plate Verifier User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections. | 8.8 |
| 2023-07-25 | CVE-2023-21405 | Unspecified vulnerability in Axis products Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors cannot be opened or closed. low complexity axis | 6.5 |
| 2023-07-25 | CVE-2023-21406 | Out-of-bounds Write vulnerability in Axis A1001 Firmware 1.65.1 Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. | 8.8 |
| 2023-05-08 | CVE-2023-21404 | Missing Encryption of Sensitive Data vulnerability in Axis OS AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. | 5.3 |
| 2023-02-21 | CVE-2023-22984 | Cross-site Scripting vulnerability in Axis 207W Firmware A Vulnerability was discovered in Axis 207W network camera. | 6.1 |
| 2022-06-15 | CVE-2017-20049 | Improper Privilege Management vulnerability in Axis products A vulnerability, was found in legacy Axis devices such as P3225 and M3005. | 9.8 |