CVE-2019-3946
https://notcve.org/view.php?id=CVE-2019-3946
Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic. El Fuji Electric V-Server anterior a versión 6.0.33.0, es vulnerable a la denegación de servicio por medio de un mensaje UDP creado en el puerto 8005. Un atacante remoto no identificado puede bloquear el archivo vserver.exe debido a un desbordamiento de enteros en la lógica de manejo de mensajes UDP. • http://www.securityfocus.com/bid/108740 https://www.tenable.com/security/research/tra-2019-27 • CWE-190: Integer Overflow or Wraparound •
CVE-2018-10637 – Fuji Electric V-Server Lite File Parsing Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-10637
A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior. Un archivo de proyecto maliciosamente manipulado podría provocar un desbordamiento de búfer, lo que podría permitir que el atacante ejecute código arbitrario que afecta a Fuji Electric V-Server Lite 4.0.3.0 y anteriores. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VPR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. • http://www.securityfocus.com/bid/105328 https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2017-9639 – Fuji Electric V-Server VPR File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-9639
An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution. Un problema fue descubierto en Fuji Electric V-Server en su versión 3.3.22.0 y anteriores. Una vulnerabilidad de corrupción de memoria ha sido identificada (También conocido como restricción de operaciones inapropiada dentro de los límites del buffer de la memoria), lo que podría permitir ejecución de código remoto. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. • http://www.securityfocus.com/bid/99544 https://ics-cert.us-cert.gov/advisories/ICSA-17-192-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •