Vulnerabilities > Axis

DATE CVE VULNERABILITY TITLE RISK
2018-06-26 CVE-2018-10659 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Axis products
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction.
network
low complexity
axis CWE-119
5.0
2018-06-26 CVE-2018-10658 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Axis products
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash).
network
low complexity
axis CWE-119
5.0
2018-04-01 CVE-2018-9158 Improper Input Validation vulnerability in Axis M1033-W Firmware 5.40.5.1
An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices.
network
low complexity
axis CWE-20
5.0
2018-04-01 CVE-2018-9157 Unrestricted Upload of File with Dangerous Type vulnerability in Axis M1033-W Firmware 5.40.5.1
An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices.
network
high complexity
axis CWE-434
7.5
2018-04-01 CVE-2018-9156 Unrestricted Upload of File with Dangerous Type vulnerability in Axis P1354 Firmware 5.90.1.1
An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices.
network
high complexity
axis CWE-434
7.5
2017-10-25 CVE-2017-15885 Cross-site Scripting vulnerability in Axis 2100 Network Camera Firmware 2.03
Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml.
network
axis CWE-79
4.3
2017-08-04 CVE-2017-12413 Cross-site Scripting vulnerability in Axis 2100 Network Camera Firmware 2.43
AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml.
network
axis CWE-79
4.3
2017-05-02 CVE-2015-8257 Command Injection vulnerability in Axis Network Camera Firmware
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
network
low complexity
axis CWE-77
critical
9.0
2017-04-17 CVE-2015-8256 Cross-site Scripting vulnerability in Axis Network Camera Firmware
Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.
network
axis CWE-79
4.3
2017-04-10 CVE-2015-8258 Injection vulnerability in Axis Communications Firmware
AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."
network
low complexity
axis CWE-74
7.8