Vulnerabilities > Auvesy > Versiondog

DATE CVE VULNERABILITY TITLE RISK
2021-10-22 CVE-2021-38449 Write-what-where Condition vulnerability in Auvesy Versiondog
Some API functions permit by-design writing or copying data into a given buffer.
network
low complexity
auvesy CWE-123
7.5
2021-10-22 CVE-2021-38451 Out-of-bounds Read vulnerability in Auvesy Versiondog
The affected product’s proprietary protocol CSC allows for calling numerous function codes.
network
auvesy CWE-125
3.5
2021-10-22 CVE-2021-38453 External Control of System or Configuration Setting vulnerability in Auvesy Versiondog
Some API functions allow interaction with the registry, which includes reading values as well as data modification.
network
low complexity
auvesy CWE-15
6.4
2021-10-22 CVE-2021-38455 Improper Input Validation vulnerability in Auvesy Versiondog
The affected product’s OS Service does not verify any given parameter.
network
low complexity
auvesy CWE-20
4.0
2021-10-22 CVE-2021-38457 Missing Authentication for Critical Function vulnerability in Auvesy Versiondog
The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication.
network
low complexity
auvesy CWE-306
critical
9.8
2021-10-22 CVE-2021-38459 Authentication Bypass by Capture-replay vulnerability in Auvesy Versiondog
The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level.
network
low complexity
auvesy CWE-294
7.5
2021-10-22 CVE-2021-38461 Use of Hard-coded Credentials vulnerability in Auvesy Versiondog
The affected product uses a hard-coded blowfish key for encryption/decryption processes.
network
low complexity
auvesy CWE-798
8.2
2021-10-22 CVE-2021-38463 Allocation of Resources Without Limits or Throttling vulnerability in Auvesy Versiondog
The affected product does not properly control the allocation of resources.
network
low complexity
auvesy CWE-770
8.1
2021-10-22 CVE-2021-38465 Allocation of Resources Without Limits or Throttling vulnerability in Auvesy Versiondog
The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent.
network
low complexity
auvesy CWE-770
6.5
2021-10-22 CVE-2021-38467 Use After Free vulnerability in Auvesy Versiondog
A specific function code receives a raw pointer supplied by the user and deallocates this pointer.
network
low complexity
auvesy CWE-416
5.5