|
195021
|
7.8 |
HIGH
Local
|
gallagher
|
command_centre
|
Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gall…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2021-23197
|
2024-11-21 14:51 |
2021-11-19 |
|
195022
|
6.5 |
MEDIUM
Network
|
gallagher
|
command_centre
|
Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre S…
|
CWE-269
Improper Privilege Management
|
CVE-2021-23193
|
2024-11-21 14:51 |
2021-11-19 |
|
195023
|
6.8 |
MEDIUM
Network
|
gallagher
|
command_centre
|
Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Ce…
|
CWE-295
Improper Certificate Validation
|
CVE-2021-23167
|
2024-11-21 14:51 |
2021-11-19 |
|
195024
|
8.1 |
HIGH
Network
|
gallagher
|
command_centre_mobile_connect
|
Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre …
|
CWE-295
Improper Certificate Validation
|
CVE-2021-23162
|
2024-11-21 14:51 |
2021-11-19 |
|
195025
|
6.8 |
MEDIUM
Network
|
gallagher
|
command_centre_mobile_client
|
Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre M…
|
CWE-295
Improper Certificate Validation
|
CVE-2021-23155
|
2024-11-21 14:51 |
2021-11-19 |
|
195026
|
7.5 |
HIGH
Network
|
gallagher
|
command_centre
|
An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior…
|
CWE-697
Incorrect Comparison
|
CVE-2021-23146
|
2024-11-21 14:51 |
2021-11-19 |
|
195027
|
6.5 |
MEDIUM
Network
|
llhttp oracle debian
|
llhttp graalvm debian_linux
|
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
|
CWE-444
HTTP Request Smuggling
|
CVE-2021-22959
|
2024-11-21 14:51 |
2021-11-16 |
|
195028
|
6.5 |
MEDIUM
Network
|
llhttp oracle debian
|
llhttp graalvm debian_linux
|
The parse function in llhttp < 2.1.4 and < 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
|
CWE-444
HTTP Request Smuggling
|
CVE-2021-22960
|
2024-11-21 14:51 |
2021-11-4 |
|
195029
|
6.1 |
MEDIUM
Network
|
tempura_project
|
tempura
|
This affects the package tempura before 0.4.0. If the input to the esc function is of type object (i.e. an array), it is returned without being escaped/sanitized, leading to a potential Cross-Site Scri…
|
CWE-79
Cross-site Scripting
|
CVE-2021-23784
|
2024-11-21 14:51 |
2021-11-4 |
|
195030
|
9.8 |
CRITICAL
Network
|
dotty_project
|
dotty
|
This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.
|
CWE-843
Type Confusion
|
CVE-2021-23624
|
2024-11-21 14:51 |
2021-11-4 |