Filtered by vendor Deltaww
Subscriptions
Total
212 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41555 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | 5.4 Medium |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. | ||||
| CVE-2022-41651 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | 5.4 Medium |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. | ||||
| CVE-2022-41701 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | 5.4 Medium |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. | ||||
| CVE-2022-41773 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||||
| CVE-2022-41702 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | 5.4 Medium |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. | ||||
| CVE-2022-43775 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | 9.8 Critical |
| The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | ||||
| CVE-2022-43774 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | 9.8 Critical |
| The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | ||||
| CVE-2020-16225 | 1 Deltaww | 1 Tpeditor | 2022-09-30 | 7.8 High |
| Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | ||||
| CVE-2020-16223 | 1 Deltaww | 1 Tpeditor | 2022-09-30 | 7.8 High |
| Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | ||||
| CVE-2020-16221 | 1 Deltaww | 1 Tpeditor | 2022-09-30 | 7.8 High |
| Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | ||||
| CVE-2020-16219 | 1 Deltaww | 1 Tpeditor | 2022-09-30 | 7.8 High |
| Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | ||||
| CVE-2022-1404 | 1 Deltaww | 1 Cncsoft | 2022-09-07 | 7.1 High |
| Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. | ||||
| CVE-2022-1405 | 1 Deltaww | 1 Cncsoft | 2022-09-05 | 7.8 High |
| CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition. | ||||
| CVE-2022-2759 | 1 Deltaww | 1 Delta Robot Automation Studio | 2022-09-02 | 8.6 High |
| Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host. | ||||
| CVE-2022-33005 | 1 Deltaww | 1 Diaenergie | 2022-07-06 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. | ||||
| CVE-2021-32967 | 1 Deltaww | 1 Diaenergie | 2022-07-02 | 9.8 Critical |
| Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. | ||||
| CVE-2022-26338 | 1 Deltaww | 1 Diaenergie | 2022-06-29 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2022-26887 | 1 Deltaww | 1 Diaenergie | 2022-06-29 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2022-26666 | 1 Deltaww | 1 Diaenergie | 2022-06-29 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
| CVE-2022-26065 | 1 Deltaww | 1 Diaenergie | 2022-06-29 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||