Lucene search
K

3858 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 8:15 a.m.4 views

CVE-2024-47131

If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code...

8.4CVSS7.8AI score0.00298EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 3:2 a.m.10 views

CVE-2024-6003

A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the...

7.5CVSS7.5AI score0.00526EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:29 a.m.15 views

CVE-2024-42417

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script HandlerCFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product...

8.8CVSS7.5AI score0.06585EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:13 a.m.7 views

CVE-2024-4548

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field...

9.8CVSS7AI score0.29425EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:9 a.m.7 views

CVE-2024-4549

A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system...

7.5CVSS6.7AI score0.01109EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:3 a.m.4 views

CVE-2024-4547

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field...

9.8CVSS7.1AI score0.01895EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:59 p.m.2 views

CVE-2024-4192

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process...

7.8CVSS6.8AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:30 p.m.6 views

CVE-2024-39605

If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code...

8.4CVSS7.7AI score0.02878EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:17 p.m.6 views

CVE-2024-39880

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the curren...

8.8CVSS6.8AI score0.00738EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:15 p.m.18 views

CVE-2024-39354

If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code...

8.4CVSS7.8AI score0.00298EPSS
Exploits0
CNVD
CNVD
added 2025/01/17 12:0 a.m.6 views

TOTOLINK X5000R switch parameter command injection vulnerability in the setScheduleCfg function

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the failure of the "switch" parameter in setScheduleCfg to correctly filter for constructor command special...

8.8CVSS7.4AI score0.01573EPSS
Exploits1References1
CNVD
CNVD
added 2025/01/17 12:0 a.m.4 views

TOTOLINK X5000R setVpnAccountCfg function pass parameter command injection vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "pass" parameter in setVpnAccountCfg failing to correctly filter constructor special characters, commands,...

8.8CVSS7.4AI score0.01573EPSS
Exploits1References1
CNVD
CNVD
added 2025/01/17 12:0 a.m.6 views

TOTOLINK X5000R sHour Parameter Command Injection Vulnerability in the setWiFiScheduleCfg Function

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "sHour" parameter in setWiFiScheduleCfg failing to correctly filter constructed command special characters,...

8.8CVSS7.4AI score0.01573EPSS
Exploits1References1
CNVD
CNVD
added 2025/01/17 12:0 a.m.7 views

TOTOLINK X5000R setScheduleCfg function week parameter command injection vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the failure of the "week" parameter in setScheduleCfg to correctly filter for constructed command special...

8.8CVSS7.4AI score0.01573EPSS
Exploits1References1
CNVD
CNVD
added 2025/01/17 12:0 a.m.12 views

TOTOLINK X5000R setVpnAccountCfg function user parameter command injection vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "user" parameter in setVpnAccountCfg failing to properly filter constructed command special characters, commands, etc. This vulnerability...

8.8CVSS9.5AI score0.01573EPSS
Exploits1References1
CNVD
CNVD
added 2025/01/17 12:0 a.m.6 views

TOTOLINK X5000R setScheduleCfg function's hour parameter command injection vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "hour" parameter in setScheduleCfg failing to correctly filter constructed command special characters,...

8.8CVSS7.4AI score0.01573EPSS
Exploits1References1
CISA
CISA
added 2025/01/16 12:0 p.m.8 views

CISA Releases Twelve Industrial Control Systems Advisories

CISA released twelve Industrial Control Systems ICS advisories on January 16, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-016-01 Siemens Mendix LDAP ICSA-25-016-02 Siemens Industrial Edge Management...

7AI score
Exploits0References12
ICS
ICS
added 2025/01/09 7:0 a.m.5 views

Delta Electronics DRASimuCAD (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device or potentially allow remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to...

7.8CVSS7.4AI score0.00351EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2025/01/04 2:2 a.m.2 views

SUSE CVE-2022-49035

In the Linux kernel, the following vulnerability has been resolved: media: s5pcec: limit msg.len to CECMAXMSGSIZE I expect that the hardware will have limited this to 16, but just in case it hasn't, check for this corner case...

7.8CVSS6.5AI score0.00203EPSS
Exploits0References12
OSV
OSV
added 2024/12/30 5:15 p.m.1 views

CVE-2024-12836

Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the...

7.8CVSS6.2AI score
Exploits0References1
Rows per page
Query Builder