Filtered by vendor Geovision
Subscribe
Total
14 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-3638 | 1 Geovision | 2 Gv-adr2701, Gv-adr2701 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application. | |||||
CVE-2023-23059 | 1 Geovision | 1 Gv-edge Recording Manager | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges. | |||||
CVE-2020-3931 | 1 Geovision | 12 Gv-as1010, Gv-as1010 Firmware, Gv-as210 and 9 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command. | |||||
CVE-2020-3930 | 1 Geovision | 2 Gv-gf192x, Gv-gf192x Firmware | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs. | |||||
CVE-2019-13408 | 2 Androvideo, Geovision | 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication. | |||||
CVE-2019-13407 | 2 Androvideo, Geovision | 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly. | |||||
CVE-2019-11064 | 2 Androvideo, Geovision | 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication. | |||||
CVE-2009-5087 | 1 Geovision | 1 Digital Surveillance System | 2024-11-21 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request. | |||||
CVE-2009-1092 | 1 Geovision | 1 Liveaudio Activex Control | 2024-11-21 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote attackers to execute arbitrary code by calling the GetAudioPlayingTime method with certain arguments. | |||||
CVE-2009-0865 | 1 Geovision | 1 Livex Activex Control | 2024-11-21 | 8.8 HIGH | N/A |
Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods. | |||||
CVE-2005-1553 | 1 Geovision | 1 Digital Surveillance System | 2024-11-20 | 7.5 HIGH | N/A |
GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via sniffing. | |||||
CVE-2005-1552 | 1 Geovision | 1 Digital Surveillance System | 2024-11-20 | 5.0 MEDIUM | N/A |
GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image. | |||||
CVE-2004-2101 | 1 Geovision | 1 Geohttpserver | 2024-11-20 | 5.0 MEDIUM | N/A |
The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer overflow. | |||||
CVE-2004-2100 | 1 Geovision | 1 Geohttpserver | 2024-11-20 | 5.0 MEDIUM | N/A |
GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines). |