Delta Electronics DIAEnergie SQL注入漏洞

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.Delta Electronics...

Delta Electronics DIAEnergie (Update C)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: Path Traversal, Incorrect Default Permissions, SQL Injection, Uncontrolled Search Path Element 2. UPDATE INFORMATION This updated advisory is a...

Totolink X5000R Command Injection Vulnerability

Totolink X5000R is a router from China-based Jion Electronics Totolink. a command injection vulnerability exists in Totolink X5000R v9.1.0u.6118B20201102, which stems from a failure of the tz parameter in the setNtpCfg function to properly filter the special element of the constructed command. An...

Lg Electronics Lg WebOs 安全漏洞

Lg Electronics Lg WebOs is a Linux kernel-based smart TV operating system from Lg Electronics, a South Korean company. A security vulnerability exists in Lg Electronics Lg WebOs that originates from a local elevation of privilege via a V8 engine vulnerability heap vulnerability...

Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak

Just days after leaking data it claims to have exfiltrated from chipmaker NVIDIA, ransomware group Lapsus$ is claiming another international company among its victims — this time releasing data purportedly stolen from Samsung Electronics. The consumer electronics giant confirmed in a media...

hilpert-electronics.de Improper Access Control vulnerability OBB-2398404

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

PT-2022-13861 · Delta Electronics · Cncsoft

Name of the Vulnerable Software and Affected Versions: Delta Electronics CNCSoft versions prior to 1.01.32 Description: The issue arises from improper input sanitization when processing a specific project file, leading to a possible out-of-bounds read condition. This can potentially result in...

Command Execution Vulnerability in TOTOLINK N302R Plus

Ltd. is a high-tech foreign enterprise located in Shajing, Baoan, Shenzhen. A command execution vulnerability exists in TOTOLINK N302R Plus, which can be exploited by attackers to execute commands...

Totolink X5000R Command Injection Vulnerability

Totolink X5000R is a router from China's Gion Electronics Totolink. TOTOLINK X5000R v9.1.0u.6118B20201102 suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands by parameterizing the host time...

CVE-2021-30317

Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voi...

Conti, DeadBolt Target Delta, QNAP

Two Taiwanese companies were affected by separate ransomware incidents this week, forcing one to scramble to restore crippled systems and another to push out an emergency update to mitigate attacks on its customers. Delta Electronics, an electronics company that provides products for Apple, Tesla...

Information Disclosure Vulnerability in TOTOLINK-N302RE

TOTOLINK is a brand held by Gion Electronics Shenzhen Co., Ltd, founded in 1999, is a high-tech foreign-funded enterprises, one of the global network equipment suppliers. An information disclosure vulnerability exists in TOTOLINK-N302RE, which can be exploited by attackers to obtain sensitive...

Integer overflow

Possible integer overflow due to improper validation of command length parameters while processing WMI command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

CVE-2021-30319

CVE-2021-30319 describes a possible integer overflow due to improper validation of command length parameters while processing WMI commands in Qualcomm Snapdragon components (Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music). The r...

PT-2022-9984 · Qualcomm · Snapdragon Connectivity +7

Name of the Vulnerable Software and Affected Versions: Snapdragon Auto affected versions not specified Snapdragon Compute affected versions not specified Snapdragon Connectivity affected versions not specified Snapdragon Consumer Electronics Connectivity affected versions not specified Snapdragon...

CVE-2021-30348

Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

CVE-2021-30272

Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice ...

CVE-2021-30271

Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music...

CVE-2021-30303

Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice...

CVE-2021-30269

Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired...