Filtered by vendor Deltaww
Total: 224 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38422 | 1 Deltaww | 1 Dialink | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges. | |||||
CVE-2021-38402 | 1 Deltaww | 1 Dopsoft | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
CVE-2021-38404 | 1 Deltaww | 1 Dopsoft | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
CVE-2021-44471 | 1 Deltaww | 1 Diaenergie | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”. | |||||
CVE-2021-38418 | 1 Deltaww | 1 Dialink | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization. | |||||
CVE-2021-38407 | 1 Deltaww | 1 Dialink | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code. | |||||
CVE-2021-38411 | 1 Deltaww | 1 Dialink | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code. | |||||
CVE-2021-23228 | 1 Deltaww | 1 Diaenergie | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. | |||||
CVE-2021-38416 | 1 Deltaww | 1 Dialink | 2024-02-28 | 4.4 MEDIUM | 7.8 HIGH |
Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed. | |||||
CVE-2021-38420 | 1 Deltaww | 1 Dialink | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files. | |||||
CVE-2021-38424 | 1 Deltaww | 1 Dialink | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application. | |||||
CVE-2021-38403 | 1 Deltaww | 1 Dialink | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code. | |||||
CVE-2021-38428 | 1 Deltaww | 1 Dialink | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code. | |||||
CVE-2021-32955 | 1 Deltaww | 1 Diaenergie | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. | |||||
CVE-2021-32991 | 1 Deltaww | 1 Diaenergie | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. | |||||
CVE-2021-22668 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2) and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. | |||||
CVE-2021-32983 | 1 Deltaww | 1 Diaenergie | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | |||||
CVE-2021-33003 | 1 Deltaww | 1 Diaenergie | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. | |||||
CVE-2021-22672 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 could allow the corruption of data, a denial-of-service condition, or code execution. The vulnerability may allow an attacker to remotely execute arbitrary code. | |||||
CVE-2021-27455 | 1 Deltaww | 1 Dopsoft | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information. |