Vulnerabilities > Auvesy > Versiondog > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-22 | CVE-2021-38449 | Write-what-where Condition vulnerability in Auvesy Versiondog Some API functions permit by-design writing or copying data into a given buffer. | 7.5 |
| 2021-10-22 | CVE-2021-38459 | Authentication Bypass by Capture-replay vulnerability in Auvesy Versiondog The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. | 7.5 |
| 2021-10-22 | CVE-2021-38461 | Use of Hard-coded Credentials vulnerability in Auvesy Versiondog The affected product uses a hard-coded blowfish key for encryption/decryption processes. | 8.2 |
| 2021-10-22 | CVE-2021-38463 | Allocation of Resources Without Limits or Throttling vulnerability in Auvesy Versiondog The affected product does not properly control the allocation of resources. | 8.1 |
| 2021-10-22 | CVE-2021-38475 | Unspecified vulnerability in Auvesy Versiondog The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions. | 8.8 |
| 2021-10-22 | CVE-2021-38481 | SQL Injection vulnerability in Auvesy Versiondog The scheduler service running on a specific TCP port enables the user to start and stop jobs. | 7.5 |