41 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-10309

Malware in sbrugna...

CVSS 8.1 · AI score 7 · EPSS 0.0018
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2021-10291

Malware in sbrugna...

CVSS 6 · AI score 5.2 · EPSS 0.00027
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-25573

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00081
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-38240

Malicious code in bioql PyPI...

CVSS 4.6 · AI score 6.6 · EPSS 0.00125
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-25574

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.5 · EPSS 0.00112
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 6:22 p.m. · 3 views

CVE-2021-23182

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; All versions of 8.30...

CVSS 6 · AI score 6.9 · EPSS 0.00027
Exploits: 0 · References: 1

NVD
added 2024/11/12 4:15 p.m. · 16 views

CVE-2024-52296

libosdp is an implementation of IEC 60839-11-5 OSDP Open Supervised Device Protocol and provides a C library with support for C++, Rust and Python3. At ospd_common.c, on the osdp_reply_name function, any reply id between REPLY_ACK and REPLY_XRD is valid, but names array do not declare all of the range...

CVSS 6.5 · EPSS 0.00127
Exploits: 0 · References: 2

Vulnrichment
added 2024/11/12 3:58 p.m. · 22 views

CVE-2024-52296 libosdp has a null pointer deref in osdp_reply_name

libosdp is an implementation of IEC 60839-11-5 OSDP Open Supervised Device Protocol and provides a C library with support for C++, Rust and Python3. At ospd_common.c, on the osdp_reply_name function, any reply id between REPLY_ACK and REPLY_XRD is valid, but names array do not declare all of the range...

CVSS 6.5 · AI score 6.5 · EPSS 0.00127
Exploits: 0 · References: 2

Cvelist
added 2024/11/12 3:58 p.m. · 16 views

CVE-2024-52296 libosdp has a null pointer deref in osdp_reply_name

libosdp is an implementation of IEC 60839-11-5 OSDP Open Supervised Device Protocol and provides a C library with support for C++, Rust and Python3. At ospd_common.c, on the osdp_reply_name function, any reply id between REPLY_ACK and REPLY_XRD is valid, but names array do not declare all of the range...

CVSS 6.5 · EPSS 0.00127
Exploits: 0 · References: 2

OSV
added 2024/11/12 3:58 p.m. · 13 views

CVE-2024-52296 libosdp has a null pointer deref in osdp_reply_name

libosdp is an implementation of IEC 60839-11-5 OSDP Open Supervised Device Protocol and provides a C library with support for C++, Rust and Python3. At ospd_common.c, on the osdp_reply_name function, any reply id between REPLY_ACK and REPLY_XRD is valid, but names array do not declare all of the range...

CVSS 6.5 · AI score 6.5 · EPSS 0.00127
Exploits: 0 · References: 4

NVD
added 2024/11/11 8:15 p.m. · 11 views

CVE-2024-52288

libosdp is an implementation of IEC 60839-11-5 OSDP Open Supervised Device Protocol and provides a C library with support for C++, Rust and Python3. In affected versions an unexpected REPLY_CCRYPT or REPLY_RMAC_I may be introduced into an active stream when they should not be. Once RMAC_I message can...

CVSS 5.1 · EPSS 0.00052
Exploits: 0 · References: 2

CVE
added 2024/11/11 7:10 p.m. · 45 views

CVE-2024-52288

LibOSDP (C library with C++, Rust, Python3 bindings) is affected by CVE-2024-52288: under affected versions, an RMAC_I/RMAC_I-like artifact may be injected into an active OSDP stream, allowing a MITM attacker to capture RMAC_I replies and later replay messages, effectively reverting the RMAC to t...

CVSS 5.1 · AI score 5.1 · EPSS 0.00052
Exploits: 0 · References: 2

OSV
added 2024/11/11 7:10 p.m. · 5 views

CVE-2024-52288 RMAC revert to the beginning of the session in libosdp

libosdp is an implementation of IEC 60839-11-5 OSDP Open Supervised Device Protocol and provides a C library with support for C++, Rust and Python3. In affected versions an unexpected REPLY_CCRYPT or REPLY_RMAC_I may be introduced into an active stream when they should not be. Once RMAC_I message can...

CVSS 5.1 · AI score 6.6 · EPSS 0.00052
Exploits: 0 · References: 4

Cvelist
added 2024/09/11 4:3 a.m. · 16 views

CVE-2024-39808

Incorrect Calculation of Buffer Size CWE-131 in the Controller 6000 and Controller 7000 OSDP message handling, allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service. This issue affects: Controller 6000 and Controller 7000 9.10 prior to...

CVSS 4.6 · EPSS 0.00125
Exploits: 0 · References: 1

CVE
added 2024/09/11 4:3 a.m. · 40 views

CVE-2024-39808

CVE-2024-39808 describes an incorrect buffer size calculation in the Controller 6000 and Controller 7000 OSDP message handling, allowing a physically connected attacker to trigger a reboot and cause a denial of service. Affected are Gallagher Controllers: versions before vCR9.10.240816a (9.10.153...

CVSS 4.6 · AI score 6.6 · EPSS 0.00125
Exploits: 0 · References: 1

Vulnrichment
added 2024/09/11 4:3 a.m. · 13 views

CVE-2024-39808

Incorrect Calculation of Buffer Size CWE-131 in the Controller 6000 and Controller 7000 OSDP message handling, allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service. This issue affects: Controller 6000 and Controller 7000 9.10 prior to...

CVSS 4.6 · AI score 6.6 · EPSS 0.00125
Exploits: 0 · References: 1

CNNVD
added 2024/09/11 12:0 a.m. · 2 views

Controller 6000 and Controller 7000 Security Vulnerability

The Gallagher Controller 6000 and Gallagher Controller 7000 are both products of Gallagher New Zealand. The Gallagher Controller 6000 is an interface between a Gallagher Command Center server and distributed field hardware. The Gallagher Controller 7000 is a powerful network connected controller. ...

CVSS 4.6 · AI score 6.5 · EPSS 0.00125
Exploits: 0 · References: 2

Positive Technologies
added 2024/03/08 12:0 a.m. · 2 views

PT-2024-35162 · Libosdp · Libosdp

Name of the Vulnerable Software and Affected Versions: libosdp versions prior to 2.4.0 Description: The issue arises from a null pointer dereference in the osdp_reply_name function at ospd_common.c. Any reply id between REPLY_ACK and REPLY_XRD is considered valid, but the names array does not...

CVSS 6.5 · AI score 7.1 · EPSS 0.00127
Exploits: 0 · References: 9

Tenable Nessus
added 2024/01/23 12:0 a.m. · 24 views

AXIS A1001 Heap-Based Buffer Overflow (CVE-2023-21406)

Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which is handling the OSDP communication allowing to write outside of the allocated buffer. By appending invalid data to an OSDP...

CVSS 8.8 · AI score 7.6 · EPSS 0.00112
Exploits: 0 · References: 3

Tenable Nessus
added 2024/01/23 12:0 a.m. · 20 views

Axis Communications Network Door Controllers and Intercoms Denial of Service (CVE-2023-21405)

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors...

CVSS 6.5 · AI score 6.6 · EPSS 0.00081
Exploits: 0 · References: 2