Vulnerabilities > Deltaww > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-29 | CVE-2022-1402 | Unspecified vulnerability in Deltaww Asda Soft 5.4.1.0 ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. | 7.1 |
| 2022-04-29 | CVE-2022-1403 | Out-of-bounds Write vulnerability in Deltaww Asda Soft 5.4.1.0 ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition. | 7.8 |
| 2022-04-01 | CVE-2022-1098 | Uncontrolled Search Path Element vulnerability in Deltaww Diaenergie 1.08.00/1.7.5/1.8.0 Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. | 7.8 |
| 2022-03-29 | CVE-2022-25347 | Path Traversal vulnerability in Deltaww Diaenergie 1.08.00/1.7.5/1.8.0 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system. | 7.5 |
| 2022-03-29 | CVE-2022-26839 | Incorrect Default Permissions vulnerability in Deltaww Diaenergie 1.08.00/1.7.5/1.8.0 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files. | 7.8 |
| 2022-03-25 | CVE-2022-0988 | Cleartext Transmission of Sensitive Information vulnerability in Deltaww Diaenergie 1.7.5 Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. | 7.5 |
| 2021-12-09 | CVE-2021-43982 | Unspecified vulnerability in Deltaww Cncsoft 1.00.83/1.01.30 Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | 7.8 |
| 2021-11-03 | CVE-2021-38416 | Unspecified vulnerability in Deltaww Dialink 1.2.4.0 Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed. | 7.8 |
| 2021-11-03 | CVE-2021-38420 | Incorrect Default Permissions vulnerability in Deltaww Dialink 1.2.4.0 Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files. | 7.8 |
| 2021-11-03 | CVE-2021-38422 | Unspecified vulnerability in Deltaww Dialink 1.2.4.0 Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges. | 7.8 |