CVE-2021-43982

Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code...

Stack overflow

Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code...

CVE-2021-43982

Delta Electronics CNCSoft (CNCSoft) vulnerable to a stack-based buffer overflow in the DPB file parsing within the ScreenEditor module. Affects CNCSoft versions 1.01.30 and earlier. Root cause: insufficient length validation before copying data to a fixed-size stack buffer, enabling arbitrary cod...

CVE-2021-43982 Delta Electronics CNCSoft

Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code...

Delta Electronics CNCSoft 安全漏洞

Delta Electronics CNCSoft is a CNC machine simulation system software from Delta Electronics, China. The software provides high-performance motion control, rich human-machine interface functions, user-friendly operation, high stability to meet the needs of high-speed cutting, and good flexibility...

Delta Electronics CNCSoft

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED...

The vulnerability of the DOPSoft software, designed for programming operator panels of Delta Electronics, arises from buffer overflows in the stack. This allows an attacker to execute arbitrary code.

The vulnerability of the DOPSoft software, designed for programming operator panels by Delta Electronics, is due to a buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

Weak Password Vulnerability in Golden Dragon Card Water Control Management System

Harbin Xinzhongxin Electronics Co., Ltd. is a leading provider of campus card system solutions in China. A weak password vulnerability exists in the Golden Dragon Card Water Control Management System, which can be exploited by attackers to obtain sensitive information...

CVE-2021-30321

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity...

Information disclosure

Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice &...

Buffer overflow

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity...

CVE-2021-30321

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity...

CVE-2021-38424

The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application...

CVE-2021-38428

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code...

CVE-2021-38407

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code...

CVE-2021-38416

Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed...

CVE-2021-38420

Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files...

CVE-2021-38418

Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization...

CVE-2021-38422

Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges...

CVE-2021-38403

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code...