admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-03-05 04:00:33 +00:00
parent 5185f50cd6
commit 580e866bb2
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
3 changed files with 319 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
2024/21xxx/CVE-2024-21815.json
View File

@ -1,17 +1,121 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-21815",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosures@gallagher.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nInsufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. \n\nThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u00a0all version of 8.60 and prior.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Gallagher",
"product": {
"product_data": [
{
"product_name": "Command Centre Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "8.60"
},
{
"version_affected": "<",
"version_name": "9.00",
"version_value": "vEL9.00.1774 (MR2)"
},
{
"version_affected": "<",
"version_name": "8.90",
"version_value": "vEL8.90.1751 (MR3)"
},
{
"version_affected": "<",
"version_name": "8.80",
"version_value": "vEL8.80.1526 (MR4)"
},
{
"version_affected": "<",
"version_name": "8.70",
"version_value": "vEL8.70.2526 (MR6)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.gallagher.com/Security-Advisories/CVE-2024-21815",
"refsource": "MISC",
"name": "https://security.gallagher.com/Security-Advisories/CVE-2024-21815"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "INTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Only sites with DVR integrations are affected. </span>\n\n<br>"
}
],
"value": "\nOnly sites with DVR integrations are affected. \n\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
]
}

112
2024/21xxx/CVE-2024-21838.json
View File

@ -1,17 +1,121 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-21838",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosures@gallagher.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nImproper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. \n\nThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u00a0all version of 8.60 and prior.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Gallagher ",
"product": {
"product_data": [
{
"product_name": "Command Centre Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "8.60"
},
{
"version_affected": "<",
"version_name": "9.00",
"version_value": "vEL9.00.1774 (MR2)"
},
{
"version_affected": "<",
"version_name": "8.90",
"version_value": "vEL8.90.1751 (MR3)"
},
{
"version_affected": "<",
"version_name": "8.80",
"version_value": "vEL8.80.1526 (MR4)"
},
{
"version_affected": "<",
"version_name": "8.70",
"version_value": "vEL8.70.2526"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838",
"refsource": "MISC",
"name": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "INTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Only sites making use of Command Centre to send emails are affected. </span>\n\n<br>"
}
],
"value": "\nOnly sites making use of Command Centre to send emails are affected. \n\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
}
]
}

107
2024/22xxx/CVE-2024-22383.json
View File

@ -1,17 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22383",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosures@gallagher.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nMissing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. \n\nThis issue affects: All variants of the Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507(MR1)), 8.90 prior to vCR8.90.240209b (distributed in 8.90.1751 (MR3)),\u00a08.80 prior to vCR8.80.240209a (distributed in 8.80.1526 (MR4)), 8.70 prior to vCR8.70.240209a (distributed in 8.70.2526 (MR6)).\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-772 Missing Release of Resource after Effective Lifetime",
"cweId": "CWE-772"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Gallagher",
"product": {
"product_data": [
{
"product_name": "Controller 7000",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.00",
"version_value": "vCR9.00.231204b"
},
{
"version_affected": "<",
"version_name": "8.90",
"version_value": "vCR8.90.240209b"
},
{
"version_affected": "<",
"version_name": "8.80",
"version_value": "vCR8.80.240209a"
},
{
"version_affected": "<",
"version_name": "8.70",
"version_value": "vCR8.70.240209a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383",
"refsource": "MISC",
"name": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "INTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Only sites with Controller 7000 or Controller 7000 SDC (Single Door Controller) are affected. To exploit this an attacker would need access to the HBUS cabling, ensure HBUS cables are suitably protected. </span>\n\n<br>"
}
],
"value": "\nOnly sites with Controller 7000 or Controller 7000 SDC (Single Door Controller) are affected. To exploit this an attacker would need access to the HBUS cabling, ensure HBUS cables are suitably protected. \n\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}