CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-3947
https://notcve.org/view.php?id=CVE-2019-3947
Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server. Fuji Electric V-Server anterior 6.0.33.0 almacena credenciales en archivos de proyecto como plaintext un atacante que puede obtener accesos para los archivos de proyecto puede recuperar las credenciales de bases de datos y conseguir acceso a la base de datos del servidor • http://www.securityfocus.com/bid/108740 https://www.tenable.com/security/research/tra-2019-27 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-3946
https://notcve.org/view.php?id=CVE-2019-3946
Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic. El Fuji Electric V-Server anterior a versión 6.0.33.0, es vulnerable a la denegación de servicio por medio de un mensaje UDP creado en el puerto 8005. Un atacante remoto no identificado puede bloquear el archivo vserver.exe debido a un desbordamiento de enteros en la lógica de manejo de mensajes UDP. • http://www.securityfocus.com/bid/108740 https://www.tenable.com/security/research/tra-2019-27 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-14817
https://notcve.org/view.php?id=CVE-2018-14817
Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution. En Fuji Electric V-Server en versiones 4.0.3.0 y anteriores, se ha identificado una vulnerabilidad de subdesbordamiento de enteros que podría permitir la ejecución remota de código. • http://www.securityfocus.com/bid/105341 https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-14815 – Fuji Electric V-Server VPR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14815
Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. En Fuji Electric V-Server en versiones 4.0.3.0 y anteriores, se han identificado múltiples vulnerabilidades de escritura fuera de límites que podrían permitir la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. • http://www.securityfocus.com/bid/105341 https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-14811 – Fuji Electric V-Server VPR File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14811
Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. En Fuji Electric V-Server en versiones 4.0.3.0 y anteriores, se han identificado múltiples vulnerabilidades de desreferencia de puntero no fiable que podrían permitir la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. • http://www.securityfocus.com/bid/105341 https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01 • CWE-476: NULL Pointer Dereference CWE-822: Untrusted Pointer Dereference •