CVE 列表 – 发现高风险与在野利用漏洞

聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。

分配机构(CNA / 来源):[email protected] 移除此筛选

显示 12090 条结果
«« 第一页 « 上一页 第 1 / 5 页 下一页 »
CVE 描述 最高 CVSS EPSS % 公开时间 更新时间
CVE-2021-31989 A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices. 5.3 0.38% 2021-08-25 2026-06-16
CVE-2021-31986 User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. 6.8 0.78% 2021-10-05 2026-06-16
CVE-2021-31987 A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients. 7.5 0.86% 2021-10-05 2026-06-16
CVE-2021-31988 A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email. 8.8 0.92% 2021-10-05 2026-06-16
CVE-2022-23410 AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder. 7.8 0.37% 2022-02-14 2026-06-17
CVE-2017-20046 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This CVE has been rejected since it is out of scope in accordance to the Vulnerability Policy of Axis: https://www.axis.com/dam/public/76/fe/26/axis-vulnerability-management-policy-en-US-375421.pdf. Notes: none 0.04% 2022-06-15 2023-11-06
CVE-2017-20047 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This CVE has been rejected as out of scope in accordance to the Vulnerability Policy of Axis: https://www.axis.com/dam/public/76/fe/26/axis-vulnerability-management-policy-en-US-375421.pdf. Notes: none 0.04% 2022-06-15 2023-11-06
CVE-2017-20048 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This CVE has been rejected since it is out of scope in accordance to the Vulnerability Policy of Axis: https://www.axis.com/dam/public/76/fe/26/axis-vulnerability-management-policy-en-US-375421.pdf. Notes: none 0.04% 2022-06-15 2023-11-06
CVE-2017-20049 A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. 9.8 1.41% 2022-06-15 2026-06-16
CVE-2017-20050 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This CVE has been rejected due to lack of sufficient information on how to reproduce the vulnerability. Notes: none 0.04% 2022-06-15 2023-11-06
CVE-2023-21404 AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data. 5.3 0.28% 2023-05-08 2026-06-17
CVE-2023-21405 Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and 6.5 0.26% 2023-07-25 2026-06-17
CVE-2023-21406 Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which is handling the OSDP communication allowing to write outside of the allocated buffer. By appending invalid data to an OSDP message it was possible to write data beyond the heap allocated buffer. The data written outside the buffer could be used to execute arbitrary code.  lease refer to the Axis security advisory for more in 7.1 0.28% 2023-07-25 2026-06-17
CVE-2023-21407 A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges. 8.8 0.55% 2023-08-03 2026-06-17
CVE-2023-21408 Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems. 8.4 0.56% 2023-08-03 2026-06-17
CVE-2023-21409 Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application. 8.4 0.56% 2023-08-03 2026-06-17
CVE-2023-21410 User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution. 7.2 0.75% 2023-08-03 2026-06-17
CVE-2023-21411 User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution. 7.2 0.75% 2023-08-03 2026-06-17
CVE-2023-21412 User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections. 7.2 0.49% 2023-08-03 2026-06-17
CVE-2023-21413 GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. 9.1 1.25% 2023-10-16 2026-06-17
«« 第一页 « 上一页 第 1 / 5 页 下一页 »
cvelogic Threat Intelligence