Filtered by vendor Deltaww
Subscribe
Total
233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38422 | 1 Deltaww | 1 Dialink | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges. | |||||
| CVE-2021-38420 | 1 Deltaww | 1 Dialink | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files. | |||||
| CVE-2021-38418 | 1 Deltaww | 1 Dialink | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
| Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization. | |||||
| CVE-2021-38416 | 1 Deltaww | 1 Dialink | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed. | |||||
| CVE-2021-38411 | 1 Deltaww | 1 Dialink | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-38407 | 1 Deltaww | 1 Dialink | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-38404 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-38403 | 1 Deltaww | 1 Dialink | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-38402 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-38393 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | |||||
| CVE-2021-38391 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | |||||
| CVE-2021-38390 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | |||||
| CVE-2021-33019 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-33007 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-33003 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. | |||||
| CVE-2021-32991 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. | |||||
| CVE-2021-32983 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. | |||||
| CVE-2021-32969 | 1 Deltaww | 1 Diascreen | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-32967 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. | |||||
| CVE-2021-32965 | 1 Deltaww | 1 Diascreen | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code. | |||||