Vulnerabilities > Deltaww > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-11 | CVE-2024-39354 | Out-of-bounds Write vulnerability in Deltaww Diascreen 1.2.1.23/1.3.2 If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code. | 7.8 |
| 2024-11-11 | CVE-2024-39605 | Out-of-bounds Write vulnerability in Deltaww Diascreen 1.2.1.23/1.3.2 If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code. | 7.8 |
| 2024-11-11 | CVE-2024-47131 | Out-of-bounds Write vulnerability in Deltaww Diascreen 1.2.1.23/1.3.2 If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code. | 7.8 |
| 2024-10-10 | CVE-2024-47962 | Out-of-bounds Write vulnerability in Deltaww Cncsoft-G2 2.1.0.10 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. | 7.8 |
| 2024-10-10 | CVE-2024-47963 | Out-of-bounds Write vulnerability in Deltaww Cncsoft-G2 2.1.0.10 Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. | 7.8 |
| 2024-10-10 | CVE-2024-47964 | Out-of-bounds Write vulnerability in Deltaww Cncsoft-G2 2.1.0.10 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. | 7.8 |
| 2024-10-10 | CVE-2024-47965 | Out-of-bounds Read vulnerability in Deltaww Cncsoft-G2 2.1.0.10 Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. | 7.8 |
| 2024-10-10 | CVE-2024-47966 | Use of Uninitialized Resource vulnerability in Deltaww Cncsoft-G2 2.1.0.10 Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. | 7.8 |
| 2024-10-03 | CVE-2024-42417 | SQL Injection vulnerability in Deltaww Diaenergie Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. | 8.8 |
| 2024-08-06 | CVE-2024-7502 | Out-of-bounds Write vulnerability in Deltaww Diascreen 1.2.1.23/1.3.2 A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. | 7.8 |