Filtered by vendor Deltaww
Subscribe
Total
212 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38422 | 1 Deltaww | 1 Dialink | 2021-11-05 | 4.6 MEDIUM | 7.8 HIGH |
| Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges. | |||||
| CVE-2021-38420 | 1 Deltaww | 1 Dialink | 2021-11-05 | 4.6 MEDIUM | 7.8 HIGH |
| Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files. | |||||
| CVE-2021-38418 | 1 Deltaww | 1 Dialink | 2021-11-05 | 4.3 MEDIUM | 5.9 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization. | |||||
| CVE-2021-38488 | 1 Deltaww | 1 Dialink | 2021-11-05 | 3.5 LOW | 4.8 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-38428 | 1 Deltaww | 1 Dialink | 2021-11-05 | 3.5 LOW | 4.8 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-38403 | 1 Deltaww | 1 Dialink | 2021-11-05 | 3.5 LOW | 4.8 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-38407 | 1 Deltaww | 1 Dialink | 2021-11-05 | 3.5 LOW | 4.8 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-38411 | 1 Deltaww | 1 Dialink | 2021-11-05 | 3.5 LOW | 4.8 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code. | |||||
| CVE-2019-13536 | 1 Deltaww | 1 Tpeditor | 2021-10-28 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-38406 | 1 Deltaww | 1 Dopsoft | 2021-10-04 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-38404 | 1 Deltaww | 1 Dopsoft | 2021-10-04 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-38402 | 1 Deltaww | 1 Dopsoft | 2021-10-04 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-33019 | 1 Deltaww | 1 Dopsoft | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2020-10597 | 1 Deltaww | 1 Delta Industrial Automation Dopsoft | 2021-09-14 | 5.8 MEDIUM | 7.1 HIGH |
| Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information and/or crash the application. | |||||
| CVE-2021-38390 | 1 Deltaww | 1 Diaenergie | 2021-09-07 | 10.0 HIGH | 9.8 CRITICAL |
| A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | |||||
| CVE-2021-38391 | 1 Deltaww | 1 Diaenergie | 2021-09-07 | 10.0 HIGH | 9.8 CRITICAL |
| A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | |||||
| CVE-2021-38393 | 1 Deltaww | 1 Diaenergie | 2021-09-07 | 10.0 HIGH | 9.8 CRITICAL |
| A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | |||||
| CVE-2021-32983 | 1 Deltaww | 1 Diaenergie | 2021-09-07 | 10.0 HIGH | 9.8 CRITICAL |
| A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | |||||
| CVE-2021-33007 | 1 Deltaww | 1 Tpeditor | 2021-09-03 | 6.8 MEDIUM | 7.8 HIGH |
| A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-33003 | 1 Deltaww | 1 Diaenergie | 2021-09-03 | 2.1 LOW | 5.5 MEDIUM |
| Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. | |||||