Filtered by vendor Deltaww
Subscriptions
Total
218 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1403 | 1 Deltaww | 1 Asda Soft | 2024-09-17 | 7.8 High |
| ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition. | ||||
| CVE-2019-6547 | 1 Deltaww | 1 Screeneditor | 2024-09-17 | 5.5 Medium |
| Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to lacking user input validation for processing project files. | ||||
| CVE-2018-10623 | 1 Deltaww | 1 Delta Industrial Automation Dopsoft | 2024-09-17 | N/A |
| Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash. | ||||
| CVE-2022-41773 | 1 Deltaww | 1 Diaenergie | 2024-09-17 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||||
| CVE-2021-38403 | 1 Deltaww | 1 Dialink | 2024-09-17 | 5.5 Medium |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code. | ||||
| CVE-2018-14800 | 1 Deltaww | 1 Ispsoft | 2024-09-17 | N/A |
| Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application. | ||||
| CVE-2022-25880 | 1 Deltaww | 1 Diaenergie | 2024-09-17 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2022-41651 | 1 Deltaww | 1 Diaenergie | 2024-09-17 | 8.7 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. | ||||
| CVE-2018-14824 | 1 Deltaww | 1 Delta Industrial Automation Pmsoft | 2024-09-17 | N/A |
| Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulnerability that can be executed when processing project files, which may allow an attacker to read confidential information. | ||||
| CVE-2022-41555 | 1 Deltaww | 1 Diaenergie | 2024-09-17 | 8.7 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. | ||||
| CVE-2022-27175 | 1 Deltaww | 1 Diaenergie | 2024-09-17 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2021-38407 | 1 Deltaww | 1 Dialink | 2024-09-17 | 5.5 Medium |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code. | ||||
| CVE-2021-44471 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 7.5 High |
| DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”. | ||||
| CVE-2022-1402 | 1 Deltaww | 1 Asda Soft | 2024-09-16 | 7.8 High |
| ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. | ||||
| CVE-2022-41702 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 8.7 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. | ||||
| CVE-2021-38411 | 1 Deltaww | 1 Dialink | 2024-09-16 | 5.5 Medium |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code. | ||||
| CVE-2022-26349 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2022-0923 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2022-26667 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2021-38424 | 1 Deltaww | 1 Dialink | 2024-09-16 | 5.9 Medium |
| The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application. | ||||