Fujielectric V-Server vulnerabilities
29 known vulnerabilities affecting fujielectric/v-server.
Total CVEs
29
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH27
Vulnerabilities
Page 1 of 2
CVE-2019-18240P2CRITICALCVSS 9.8≤ 4.0.62019-11-13
CVE-2019-18240 [CRITICAL] CWE-122 CVE-2019-18240: In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified,
In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code.
nvd
CVE-2019-3947P3CRITICALCVSS 9.8fixed in 6.0.33.02019-06-12
CVE-2019-3947 [CRITICAL] CWE-522 CVE-2019-3947: Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An
Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server.
nvd
CVE-2017-9639P3HIGHCVSS 7.3≤ 3.3.22.02017-07-17
CVE-2017-9639 [HIGH] CWE-119 CVE-2017-9639: An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vu
An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution.
nvd
CVE-2021-22639P3HIGHCVSS 7.8fixed in 4.0.10.02021-01-27
CVE-2021-22639 [HIGH] CWE-824 CVE-2021-22639: An uninitialized pointer issue has been identified in the way the application processes project file
An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
nvd
CVE-2019-3946P3HIGHCVSS 7.5fixed in 6.0.33.02019-06-12
CVE-2019-3946 [HIGH] CWE-190 CVE-2019-3946: Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message
Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic.
nvd
CVE-2021-22637P3HIGHCVSS 7.8fixed in 4.0.10.02021-01-27
CVE-2021-22637 [HIGH] CWE-121 CVE-2021-22637: Multiple stack-based buffer overflow issues have been identified in the way the application processe
Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
nvd
CVE-2021-22653P3HIGHCVSS 7.8fixed in 4.0.10.02021-01-27
CVE-2021-22653 [HIGH] CWE-787 CVE-2021-22653: Multiple out-of-bounds write issues have been identified in the way the application processes projec
Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
nvd
CVE-2020-25171P3HIGHCVSS 7.8fixed in 3.3.24.02021-02-19
CVE-2020-25171 [HIGH] CWE-787 CVE-2020-25171: The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-boun
The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.
nvd
CVE-2023-47586P3HIGHCVSS 7.8≤ 4.0.18.02023-11-15
CVE-2023-47586 [HIGH] CWE-787 CVE-2023-47586: Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Se
Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.
nvd
CVE-2021-22641P3HIGHCVSS 7.8fixed in 4.0.10.02021-01-27
CVE-2021-22641 [HIGH] CWE-122 CVE-2021-22641: A heap-based buffer overflow issue has been identified in the way the application processes project
A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
nvd
CVE-2021-22655P3HIGHCVSS 7.8fixed in 4.0.10.02021-01-27
CVE-2021-22655 [HIGH] CWE-125 CVE-2021-22655: Multiple out-of-bounds read issues have been identified in the way the application processes project
Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
nvd
CVE-2021-38419P3HIGHCVSS 7.8fixed in 4.0.12.02021-12-20
CVE-2021-38419 [HIGH] CWE-787 CVE-2021-38419: Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-o
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution.
nvd
CVE-2022-29524P3HIGHCVSS 7.8≤ 4.0.11.0≤ 4.0.13.02022-06-14
CVE-2022-29524 [HIGH] CWE-787 CVE-2022-29524: Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13
Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
nvd
CVE-2023-47584P3HIGHCVSS 7.8≤ 4.0.18.02023-11-15
CVE-2023-47584 [HIGH] CWE-787 CVE-2023-47584: Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18
Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed.
nvd
CVE-2018-10637P3HIGHCVSS 7.8≤ 4.0.3.02018-09-13
CVE-2018-10637 [HIGH] CWE-120 CVE-2018-10637: A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to exec
A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior.
nvd
CVE-2021-38413P3HIGHCVSS 7.8fixed in 4.0.12.02021-12-20
CVE-2021-38413 [HIGH] CWE-121 CVE-2021-38413: Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution.
nvd
CVE-2021-38415P3HIGHCVSS 7.8fixed in 4.0.12.02021-12-20
CVE-2021-38415 [HIGH] CWE-122 CVE-2021-38415: Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-base
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.
nvd
CVE-2022-30549P3HIGHCVSS 7.8≤ 4.0.11.0≤ 4.0.13.02022-06-16
CVE-2022-30549 [HIGH] CWE-125 CVE-2022-30549: Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.
Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
nvd
CVE-2022-29522P3HIGHCVSS 7.8fixed in 4.0.12.0fixed in 4.0.13.0a2022-06-14
CVE-2022-29522 [HIGH] CWE-416 CVE-2022-29522: Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT'
Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
nvd
CVE-2023-31239P3HIGHCVSS 7.8v4.0.15.02023-06-19
CVE-2023-31239 [HIGH] CWE-125 CVE-2023-31239: Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earl
Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file.
nvd
1 / 2Next →