Filtered by vendor Axis
Subscribe
Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21404 | 1 Axis | 1 Axis Os | 2023-12-10 | N/A | 5.3 MEDIUM |
| AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data. | |||||
| CVE-2022-28860 | 2 Axis, Citilog | 2 M1125, Citilog | 2023-12-10 | N/A | 5.9 MEDIUM |
| An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera. | |||||
| CVE-2022-28861 | 2 Axis, Citilog | 2 M1125, Citilog | 2023-12-10 | N/A | 5.9 MEDIUM |
| The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server. | |||||
| CVE-2017-20049 | 1 Axis | 12 M3005, M3005 Firmware, M3007 and 9 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. | |||||
| CVE-2022-23410 | 1 Axis | 1 Ip Utility | 2023-12-10 | 4.4 MEDIUM | 7.8 HIGH |
| AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder. | |||||
| CVE-2021-31986 | 1 Axis | 4 Axis Os, Axis Os 2016, Axis Os 2018 and 1 more | 2023-12-10 | 4.0 MEDIUM | 6.8 MEDIUM |
| User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. | |||||
| CVE-2021-31988 | 1 Axis | 4 Axis Os, Axis Os 2016, Axis Os 2018 and 1 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email. | |||||
| CVE-2021-31987 | 1 Axis | 4 Axis Os, Axis Os 2016, Axis Os 2018 and 1 more | 2023-12-10 | 5.1 MEDIUM | 7.5 HIGH |
| A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients. | |||||
| CVE-2021-31989 | 1 Axis | 1 Device Manager | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
| A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices. | |||||
| CVE-2018-9158 | 1 Axis | 2 M1033-w, M1033-w Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are interrupted from attack start to end. | |||||
| CVE-2018-10663 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation. | |||||
| CVE-2018-10662 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface. | |||||
| CVE-2018-10660 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. | |||||
| CVE-2018-10659 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction. | |||||
| CVE-2018-10658 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar. | |||||
| CVE-2018-10664 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption. | |||||
| CVE-2018-10661 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control. | |||||
| CVE-2017-12413 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml. | |||||
| CVE-2017-15885 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214. | |||||
| CVE-2015-8257 | 1 Axis | 11 Cannon Network Camera, Explosion-protected Camera, Fixed Box Camera and 8 more | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml. | |||||