Filtered by vendor Deltaww
Subscriptions
Total
253 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1098 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 7.8 High |
| Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges | ||||
| CVE-2022-1402 | 1 Deltaww | 1 Asda Soft | 2025-04-16 | 7.8 High |
| ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. | ||||
| CVE-2022-1403 | 1 Deltaww | 1 Asda Soft | 2025-04-16 | 7.8 High |
| ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition. | ||||
| CVE-2021-32965 | 1 Deltaww | 1 Diascreen | 2025-04-16 | 7.8 High |
| Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2021-32969 | 1 Deltaww | 1 Diascreen | 2025-04-16 | 7.8 High |
| Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2022-1405 | 1 Deltaww | 1 Cncsoft | 2025-04-16 | 7.8 High |
| CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition. | ||||
| CVE-2022-40965 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.7 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. | ||||
| CVE-2022-41555 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.7 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. | ||||
| CVE-2022-40967 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||||
| CVE-2022-41701 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.7 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. | ||||
| CVE-2022-41773 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||||
| CVE-2022-41133 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||||
| CVE-2022-41651 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.7 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. | ||||
| CVE-2022-41702 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.7 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. | ||||
| CVE-2022-41779 | 1 Deltaww | 1 Infrasuite Device Master | 2025-04-16 | 8.8 High |
| Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. If the device connects to an attacker-controlled server, the attacker could send maliciously crafted packets that would be deserialized and executed, leading to remote code execution. | ||||
| CVE-2022-41644 | 1 Deltaww | 1 Infrasuite Device Master | 2025-04-16 | 8.8 High |
| Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges. | ||||
| CVE-2022-43447 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.8 High |
| SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-43452 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.8 High |
| SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-41775 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.8 High |
| SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-43506 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.8 High |
| SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||