Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server.
This issue affects Command C
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make cri
Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key whi
A Privilege Context Switching Error (CWE-270) in the Command Center Server could allow a privileged Operator with high level access in one Division to perform limited privileged activities across the
Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation (CWE-1304) in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Comm
Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information t
External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated user to modify device I/O connections leading to unexpecte
Client-Side Enforcement of Server-Side Security (CWE-602) in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks.
This issue affects Comm
Improper locking for some Intel(R) TDX Module firmware before version 1.5.13 may allow a privileged user to potentially enable escalation of privilege via local access.
Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server.
This issue affects all versions of Gallagher Command Cen
An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).
If an SRX Series d
Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files.
This issue affects: Galla
Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE).
This issue affects: Comma
Buffer Copy without Checking Size of Input (CWE-120) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorised and authenticated operator to reboot the Controller, causi
An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Deni
Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kH
CVE-2024-7507 IMPACT
A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller.
Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate
Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6077 may allow an authenticated user to potentially enable denial of service via local access.
Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 31.0.101.4032 may allow an authenticated user to potentially enable denial of service via local access.
Page 1+ Next →