
CVE-2023-21417

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allow file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts, where it is limited to non-system files, than with administrator privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and the solution.

