Filtered by vendor Deltaww
Subscriptions
Total
233 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0822 | 1 Deltaww | 1 Diaenergie | 2025-01-16 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. | ||||
| CVE-2023-1139 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 8.8 High |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. | ||||
| CVE-2023-1138 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 7.5 High |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials. | ||||
| CVE-2023-1144 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 8.8 High |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation. | ||||
| CVE-2023-1137 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 6.5 Medium |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation. | ||||
| CVE-2023-1143 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 8.8 High |
| In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2023-1134 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 7.1 High |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges. | ||||
| CVE-2023-1142 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 7.5 High |
| In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation. | ||||
| CVE-2023-1136 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 9.8 Critical |
| In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass. | ||||
| CVE-2023-1141 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 8.8 High |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution. | ||||
| CVE-2023-1140 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 9.8 Critical |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. | ||||
| CVE-2023-1145 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 7.8 High |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. | ||||
| CVE-2023-1135 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 7.8 High |
| In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. | ||||
| CVE-2023-5068 | 1 Deltaww | 1 Diascreen | 2025-01-16 | 7.8 High |
| Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-24014 | 1 Deltaww | 1 Cncsoft-b | 2025-01-06 | 7.8 High |
| Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code. | ||||
| CVE-2023-25177 | 1 Deltaww | 1 Cncsoft-b | 2025-01-06 | 7.8 High |
| Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. | ||||
| CVE-2024-39883 | 1 Deltaww | 1 Cncsoft-g2 | 2024-11-21 | 8.8 High |
| Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2024-39882 | 1 Deltaww | 1 Cncsoft-g2 | 2024-11-21 | 8.8 High |
| Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2024-39881 | 1 Deltaww | 1 Cncsoft-g2 | 2024-11-21 | 8.8 High |
| Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2024-39880 | 1 Deltaww | 1 Cncsoft-g2 | 2024-11-21 | 7.8 High |
| Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | ||||