Vulnerabilities > Auvesy > Versiondog > 6.5.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-22 | CVE-2021-38449 | Write-what-where Condition vulnerability in Auvesy Versiondog Some API functions permit by-design writing or copying data into a given buffer. | 7.5 |
| 2021-10-22 | CVE-2021-38451 | Out-of-bounds Read vulnerability in Auvesy Versiondog The affected product’s proprietary protocol CSC allows for calling numerous function codes. | 3.5 |
| 2021-10-22 | CVE-2021-38453 | External Control of System or Configuration Setting vulnerability in Auvesy Versiondog Some API functions allow interaction with the registry, which includes reading values as well as data modification. | 6.4 |
| 2021-10-22 | CVE-2021-38455 | Improper Input Validation vulnerability in Auvesy Versiondog The affected product’s OS Service does not verify any given parameter. | 4.0 |
| 2021-10-22 | CVE-2021-38457 | Missing Authentication for Critical Function vulnerability in Auvesy Versiondog The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication. | 9.8 |
| 2021-10-22 | CVE-2021-38459 | Authentication Bypass by Capture-replay vulnerability in Auvesy Versiondog The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. | 7.5 |
| 2021-10-22 | CVE-2021-38461 | Use of Hard-coded Credentials vulnerability in Auvesy Versiondog The affected product uses a hard-coded blowfish key for encryption/decryption processes. | 8.2 |
| 2021-10-22 | CVE-2021-38463 | Allocation of Resources Without Limits or Throttling vulnerability in Auvesy Versiondog The affected product does not properly control the allocation of resources. | 8.1 |
| 2021-10-22 | CVE-2021-38465 | Allocation of Resources Without Limits or Throttling vulnerability in Auvesy Versiondog The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. | 6.5 |
| 2021-10-22 | CVE-2021-38467 | Use After Free vulnerability in Auvesy Versiondog A specific function code receives a raw pointer supplied by the user and deallocates this pointer. | 5.5 |