Vulnerabilities > Auvesy

DATE CVE VULNERABILITY TITLE RISK
2021-10-22 CVE-2021-38469 Uncontrolled Search Path Element vulnerability in Auvesy Versiondog
Many of the services used by the affected product do not specify full paths for the DLLs they are loading.
local
low complexity
auvesy CWE-427
7.1
2021-10-22 CVE-2021-38471 Unrestricted Upload of File with Dangerous Type vulnerability in Auvesy Versiondog
There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files.
network
low complexity
auvesy CWE-434
critical
9.1
2021-10-22 CVE-2021-38473 Out-of-bounds Write vulnerability in Auvesy Versiondog
The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow.
network
low complexity
auvesy CWE-787
8.8
2021-10-22 CVE-2021-38475 Unspecified vulnerability in Auvesy Versiondog
The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions.
network
low complexity
auvesy
8.8
2021-10-22 CVE-2021-38477 External Control of File Name or Path vulnerability in Auvesy Versiondog
There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files.
network
low complexity
auvesy CWE-73
critical
9.8
2021-10-22 CVE-2021-38479 Out-of-bounds Write vulnerability in Auvesy Versiondog
Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions.
network
low complexity
auvesy CWE-787
7.5
2021-10-22 CVE-2021-38481 SQL Injection vulnerability in Auvesy Versiondog
The scheduler service running on a specific TCP port enables the user to start and stop jobs.
network
low complexity
auvesy CWE-89
critical
9.8