Search Results (365174 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-38431 1 Advantech 1 Webaccess Scada 2024-11-21 4.3 Medium
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.
CVE-2021-38430 1 Fatek 1 Winproladder 2024-11-21 7.8 High
FATEK Automation WinProladder versions 3.30 and prior proper validation of user-supplied data when parsing project files, which could result in a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code.
CVE-2021-38428 1 Deltaww 1 Dialink 2024-11-21 5.5 Medium
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code.
CVE-2021-38426 1 Fatek 1 Winproladder 2024-11-21 7.8 High
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code.
CVE-2021-38424 1 Deltaww 1 Dialink 2024-11-21 5.9 Medium
The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application.
CVE-2021-38422 1 Deltaww 1 Dialink 2024-11-21 7.8 High
Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges.
CVE-2021-38421 1 Fujielectric 2 V-server, V-simulator 2024-11-21 7.8 High
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash.
CVE-2021-38420 1 Deltaww 1 Dialink 2024-11-21 7.8 High
Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files.
CVE-2021-38419 1 Fujielectric 2 V-server, V-simulator 2024-11-21 7.8 High
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution.
CVE-2021-38418 1 Deltaww 1 Dialink 2024-11-21 8.8 High
Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization.
CVE-2021-38416 1 Deltaww 1 Dialink 2024-11-21 7.8 High
Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed.
CVE-2021-38415 1 Fujielectric 2 V-server, V-simulator 2024-11-21 7.8 High
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.
CVE-2021-38413 1 Fujielectric 2 V-server, V-simulator 2024-11-21 7.8 High
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution.
CVE-2021-38412 1 Digi 2 Portserver Ts 16, Portserver Ts 16 Firmware 2024-11-21 9.6 Critical
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in.
CVE-2021-38411 1 Deltaww 1 Dialink 2024-11-21 5.5 Medium
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code.
CVE-2021-38409 1 Fujielectric 2 V-server, V-simulator 2024-11-21 7.8 High
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service.
CVE-2021-38408 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
CVE-2021-38407 1 Deltaww 1 Dialink 2024-11-21 5.5 Medium
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code.
CVE-2021-38405 1 Siemens 2 Jt2go, Teamcenter Visualization 2024-11-21 7.8 High
The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2021-38403 1 Deltaww 1 Dialink 2024-11-21 5.5 Medium
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code.