Vulnerabilities > Auvesy > Versiondog > 6.5.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-22 | CVE-2021-38469 | Uncontrolled Search Path Element vulnerability in Auvesy Versiondog Many of the services used by the affected product do not specify full paths for the DLLs they are loading. | 4.3 |
| 2021-10-22 | CVE-2021-38471 | Unrestricted Upload of File with Dangerous Type vulnerability in Auvesy Versiondog There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files. | 6.4 |
| 2021-10-22 | CVE-2021-38473 | Out-of-bounds Write vulnerability in Auvesy Versiondog The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow. | 6.5 |
| 2021-10-22 | CVE-2021-38475 | Unspecified vulnerability in Auvesy Versiondog The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions. | 8.8 |
| 2021-10-22 | CVE-2021-38477 | External Control of File Name or Path vulnerability in Auvesy Versiondog There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files. | 6.4 |
| 2021-10-22 | CVE-2021-38479 | Out-of-bounds Write vulnerability in Auvesy Versiondog Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. | 5.0 |
| 2021-10-22 | CVE-2021-38481 | SQL Injection vulnerability in Auvesy Versiondog The scheduler service running on a specific TCP port enables the user to start and stop jobs. | 7.5 |