Filtered by vendor Deltaww
Subscriptions
Total
233 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1375 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2022-1374 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2022-1372 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2022-1371 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2022-1370 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2022-1369 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2022-1367 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2022-1366 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2022-1331 | 1 Deltaww | 1 Dmars | 2024-11-21 | 5.5 Medium |
| In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure. | ||||
| CVE-2022-1098 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 7.8 High |
| Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges | ||||
| CVE-2022-0988 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 7.1 High |
| Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product. | ||||
| CVE-2022-0923 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2021-44768 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 6.1 Medium |
| Delta Electronics CNCSoft (Version 1.01.30) and prior) is vulnerable to an out-of-bounds read while processing a specific project file, which may allow an attacker to disclose information. | ||||
| CVE-2021-44544 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 7.5 High |
| DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. | ||||
| CVE-2021-44471 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 7.5 High |
| DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”. | ||||
| CVE-2021-43982 | 1 Deltaww | 1 Cncsoft | 2024-11-21 | 7.8 High |
| Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2021-38488 | 1 Deltaww | 1 Dialink | 2024-11-21 | 5.5 Medium |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code. | ||||
| CVE-2021-38428 | 1 Deltaww | 1 Dialink | 2024-11-21 | 5.5 Medium |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code. | ||||
| CVE-2021-38424 | 1 Deltaww | 1 Dialink | 2024-11-21 | 5.9 Medium |
| The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application. | ||||
| CVE-2021-38422 | 1 Deltaww | 1 Dialink | 2024-11-21 | 7.8 High |
| Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges. | ||||