Search
Search Results (11 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57873 | 2 Geovision, Geovision Inc. | 2 Gv-lpc2011, Gv-lpclpc2011 2211 | 2026-06-29 | 7.5 High |
| An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may exploit this vulnerability by sending a malformed multipart request, causing the affected CGI process to crash and resulting in a denial of service. | ||||
| CVE-2026-57874 | 2 Geovision, Geovision Inc. | 2 Gv-lpc2011, Gv-lpclpc2011 2211 | 2026-06-29 | 7.5 High |
| An unauthenticated buffer overflow vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this vulnerability by sending a crafted upload request with overly long input, causing memory corruption and resulting in a denial of service. | ||||
| CVE-2026-57875 | 2 Geovision, Geovision Inc. | 2 Gv-lpc2011, Gv-lpclpc2011 2211 | 2026-06-29 | 7.5 High |
| An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the affected components. A remote attacker may exploit this vulnerability by sending a specially crafted HTTP request, causing the affected process to crash and resulting in a denial of service. | ||||
| CVE-2026-57876 | 2 Geovision, Geovision Inc. | 2 Gv-lpc2011, Gv-lpclpc2011 2211 | 2026-06-29 | 7.5 High |
| An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a crafted request with excessive input, causing memory corruption and resulting in a denial of service. | ||||
| CVE-2026-57879 | 2 Geovision, Geovision Inc. | 2 Gv-lpc2011, Gv-lpclpc2011 2211 | 2026-06-29 | 9.8 Critical |
| An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by sending a crafted RTSP request, resulting in memory corruption, denial of service, or potentially arbitrary code execution. | ||||
| CVE-2026-42368 | 2 Geovision, Geovision Inc. | 5 Gv-lpc2011, Gv-lpc2011 Firmware, Gv-lpc2211 and 2 more | 2026-06-15 | 9.9 Critical |
| A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability. | ||||
| CVE-2026-42367 | 2 Geovision, Geovision Inc. | 5 Gv-lpc2011, Gv-lpc2011 Firmware, Gv-lpc2211 and 2 more | 2026-06-15 | 6.5 Medium |
| A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability. | ||||
| CVE-2026-42365 | 2 Geovision, Geovision Inc. | 5 Gv-lpc2011, Gv-lpc2011 Firmware, Gv-lpc2211 and 2 more | 2026-06-15 | 8.6 High |
| A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability. | ||||
| CVE-2026-42364 | 2 Geovision, Geovision Inc. | 5 Gv-lpc2011, Gv-lpc2011 Firmware, Gv-lpc2211 and 2 more | 2026-06-15 | 9.9 Critical |
| An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability. | ||||
| CVE-2026-42366 | 2 Geovision, Geovision Inc. | 5 Gv-lpc2011, Gv-lpc2011 Firmware, Gv-lpc2211 and 2 more | 2026-05-05 | 7.4 High |
| Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2026-7371 | 2 Geovision, Geovision Inc. | 5 Gv-lpc2011, Gv-lpc2011 Firmware, Gv-lpc2211 and 2 more | 2026-05-05 | 7.4 High |
| Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. Reflected XXS via the error message for requesting non-existing page. | ||||
Page 1 of 1.