Vulnerabilities in Gallagher
67 results

CVE-2023-23568 MEDIUM
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.
EPSS 0.3%

CVE-2024-23906 MEDIUM
Improper Neutralization of Input During Web Page Generation (CWE-79) in the Controller 6000 and Controller 7000 diagnostic webpage allows an
EPSS 0.3%

CVE-2021-23197 MEDIUM
Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account
EPSS 0.3%

CVE-2022-26348 HIGH
Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setti
EPSS 0.3%

CVE-2024-39808 MEDIUM
Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP message handling, allows an attacker with phy
EPSS 0.2%

CVE-2024-23485 MEDIUM
Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation (CWE-1304) in the Controller 6000 and 7
EPSS 0.2%

CVE-2024-41724 HIGH
Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server.
EPSS 0.2%

CVE-2024-43107 HIGH
Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm e
EPSS 0.2%

CVE-2025-44003 MEDIUM
Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allows an attacker with physical access to t
EPSS 0.2%

CVE-2024-22383 MEDIUM
Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not au
EPSS 0.2%

CVE-2021-23182 MEDIUM
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be d
EPSS 0.2%

CVE-2024-23317 MEDIUM
External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Contro
EPSS 0.2%

CVE-2025-35983 MEDIUM
Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could allow an unprivileged attacker to perform a li
EPSS 0.2%

CVE-2024-23194 LOW
Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to
EPSS 0.1%

CVE-2025-64734 LOW
Missing Release of Resource after Effective Lifetime (CWE-772) in the T21 Reader allows an attacker with physical access to the Reader to pe
EPSS 0.1%

CVE-2026-25193 HIGH
Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentia
EPSS 0.1%

CVE-2025-52578 MEDIUM
Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE-335) vulnerability in the High Sec ELM may allow a sophisticated attacker w
EPSS 0.1%

CVE-2025-52457 MEDIUM
Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific
EPSS 0.1%

CVE-2025-41402 MEDIUM
Client-Side Enforcement of Server-Side Security (CWE-602) in the Command Centre Server allows a privileged operator to enter invalid compete
EPSS 0.1%

CVE-2025-35981 MEDIUM
Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre Server allows a privileged Operator to vie
EPSS 0.1%