Axis Axis_os_2020
7 CVEs affecting Axis Axis_os_2020. Latest disclosed: 2024-02-05. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-31988 | High | 8.8 | 2021-10-05 | A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) co… |
CVE-2021-31987 | High | 7.5 | 2021-10-05 | A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients. |
CVE-2023-21418 | High | 7.1 | 2023-11-21 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for fil… |
CVE-2023-21417 | High | 7.1 | 2023-11-21 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allo… |
CVE-2021-31986 | Medium | 6.8 | 2021-10-05 | User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. |
CVE-2023-21415 | Medium | 6.5 | 2023-10-16 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for fi… |
CVE-2023-5800 | Medium | 5.4 | 2024-02-05 | Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a po… |