76 matches found
EUVD-2024-39327
Malicious code in bioql PyPI...
EUVD-2023-28605
Malicious code in bioql PyPI...
EUVD-2024-21336
Malicious code in bioql PyPI...
EUVD-2024-22335
Malicious code in bioql PyPI...
EUVD-2024-38240
Malicious code in bioql PyPI...
EUVD-2023-46426
Malicious code in bioql PyPI...
EUVD-2023-28599
Malicious code in bioql PyPI...
EUVD-2023-26601
Malicious code in bioql PyPI...
EUVD-2022-30646
Malicious code in bioql PyPI...
CVE-2024-24972
Buffer Copy without Checking Size of Input (CWE-120) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorised and authenticated operator to reboot the Controller, causing a Denial of Service. Gallagher recommend the diagnostic web page is not enabled (default is off)...
CVE-2024-23906
Improper Neutralization of Input During Web Page Generation (CWE-79) in the Controller 6000 and Controller 7000 diagnostic webpage allows an attacker to modify Controller configuration during an authenticated Operator's session. This issue affects: Controller 6000 and Controller 7000 9.10 prior to...
CVE-2024-39808
Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP message handling allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service. This issue affects: Controller 6000 and Controller 7000 9.10 prior to...
CVE-2024-22387
External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated user to modify device I/O connections leading to unexpected behavior that in some circumstances could compromise site physical security controls. Gallagher...
CVE-2023-41967
Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue...
CVE-2023-24584
Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior...
CVE-2023-24590
A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a distributed in...
CVE-2024-41146
Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, requiring a device reboot to resolve. Thi...
CVE-2024-41146
CVE-2024-41146 affects Gallagher Controller 6000 and Controller 7000 platforms. The root cause is use of multiple resources with duplicate identifiers (CWE-694) in HBUS communications, which could allow a local attacker with physical access to HBUS cabling to trigger a Denial-of-Service on HB...