246 matches found
EUVD-2024-39433
Malicious code in bioql PyPI...
Gallagher Command Centre Server 安全漏洞
Gallagher Command Centre Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A security vulnerability exists in Gallagher Command Centre Server that stems from a privilege context switching error that could lead to cross-departmental...
CVE-2024-23194
Improper output Neutralization for Logs CWE-117 in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 MR1...
CVE-2024-21838
Improper neutralization of special elements in output CWE-74 used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...
CVE-2023-23570
Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 MR2, all versions of 8.80 and prior...
CVE-2023-23584
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 MR2, 8.60 prior to vEL8.60.2039 MR4, all...
CVE-2021-23230
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to 8.30.1359...
CVE-2021-23204
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to 8.30.1359 MR3...
CVE-2021-23211
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3...
CVE-2021-23140
Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to 8.30.1359 MR3; 8.20 versions prio...
CVE-2021-23136
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to 8.30.1359 MR3; 8.20 versions prior t...
CVE-2021-23205
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to...
CVE-2021-23182
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; All versions of 8.30...
CVE-2020-16099
In Gallagher Command Centre v8.20 prior to v8.20.1093MR2 it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect...
CVE-2019-19801
In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134MR4, v8.00 prior to v8.00.1161MR5, v7.90 prior to v7.90.991MR5, v7.80 prior to v7.80.960MR2 and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases...
CVE-2019-19802
In Gallagher Command Centre Server v8.10 prior to v8.10.1134MR4, v8.00 prior to v8.00.1161MR5, v7.90 prior to v7.90.991MR5, v7.80 prior to v7.80.960MR2 and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without...
CVE-2019-15294
An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092MR2. Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Commandcentre.log file...
CVE-2024-41724
Improper Certificate Validation CWE-295 in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affects all versions of Gallagher Command Centre prior to 9.20.1043...
CVE-2024-41724
Improper Certificate Validation CWE-295 in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affects all versions of Gallagher Command Centre prior to 9.20.1043...
CVE-2024-41724
CVE-2024-41724 describes an improper certificate validation (CWE-295) in the Gallagher Command Centre SALTO integration that allows an attacker to spoof the SALTO server. The issue affects all versions of Gallagher Command Centre prior to 9.20.1043. The provided documents consistently identify th...