CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3851 matches found

NVD•added 2023/03/27 3:15 p.m.•14 views

CVE-2023-1140

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator...

9.8CVSS9.8AI score0.01079EPSS

Exploits0References1

OSV•added 2023/03/27 3:15 p.m.•4 views

CVE-2023-1133

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remote...

9.8CVSS6AI score0.5005EPSS

Exploits3References2

Prion•added 2023/03/27 3:15 p.m.•21 views

Code injection

7.5CVSS9.6AI score0.5005EPSS

Exploits3References2Affected Software1

Prion•added 2023/03/27 3:15 p.m.•20 views

Code injection

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code...

6.5CVSS8.8AI score0.00835EPSS

Exploits0References1Affected Software1

Prion•added 2023/03/27 3:15 p.m.•17 views

Privilege escalation

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation...

4.3CVSS7.6AI score0.00164EPSS

Exploits0References1Affected Software1

Prion•added 2023/03/27 3:15 p.m.•16 views

Improper access control

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation...

6.5CVSS8.6AI score0.00645EPSS

Exploits0References1Affected Software1

Prion•added 2023/03/27 3:15 p.m.•22 views

Deserialization of untrusted data

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution...

4.3CVSS8AI score0.00314EPSS

Exploits0References1Affected Software1

Prion•added 2023/03/27 3:15 p.m.•18 views

Improper access control

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials...

5CVSS7.5AI score0.00571EPSS

Exploits0References1Affected Software1

Prion•added 2023/03/27 3:15 p.m.•16 views

Deserialization of untrusted data

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution...

6.5CVSS8.9AI score0.01255EPSS

Exploits0References1Affected Software1

Prion•added 2023/03/27 3:15 p.m.•20 views

Path traversal

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges...

6.5CVSS8.5AI score0.00659EPSS

Exploits0References1Affected Software1

Prion•added 2023/03/27 3:15 p.m.•12 views

Privilege escalation

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation...

6.5CVSS8.6AI score0.0055EPSS

Exploits0References1Affected Software1

Prion•added 2023/03/27 3:15 p.m.•19 views

Authentication flaw

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass...

5CVSS7.7AI score0.00736EPSS

Exploits0References1Affected Software1

Prion•added 2023/03/27 3:15 p.m.•16 views

Command injection

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution...

6.5CVSS9AI score0.01583EPSS

Exploits0References1Affected Software1

Prion•added 2023/03/27 3:15 p.m.•19 views

Authentication flaw

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation...

7.5CVSS9.5AI score0.0109EPSS

Exploits0References1Affected Software1

CVE•added 2023/03/27 2:59 p.m.•57 views

CVE-2023-1135

Delta Electronics InfraSuite Device Master prior to version 1.0.5 contains an incorrect permission assignment issue in the installer, enabling local privilege escalation by a non-authenticated or low-privileged attacker who can execute code on the target system. Connected advisories corroborate t...

7.8CVSS7.4AI score0.00164EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/03/27 2:59 p.m.•6 views

CVE-2023-1135

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation...

7.8CVSS6.6AI score0.00164EPSS

Exploits0References1

Cvelist•added 2023/03/27 2:59 p.m.•25 views

CVE-2023-1135

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation...

7.8CVSS7.7AI score0.00164EPSS

Exploits0References1

Cvelist•added 2023/03/27 2:56 p.m.•19 views

CVE-2023-1145

7.8CVSS8AI score0.00314EPSS

Exploits0References1

CVE•added 2023/03/27 2:56 p.m.•60 views

CVE-2023-1145

Delta Electronics InfraSuite Device Master (Linux/Windows real-time device monitoring software) versions prior to 1.0.5 are affected by a deserialization vulnerability in the Device-DataCollect service that can deserialize requests before authentication, enabling remote code execution. The issue,...

7.8CVSS7.7AI score0.00314EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/03/27 2:56 p.m.•5 views

CVE-2023-1145

7.8CVSS7.3AI score0.00314EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by