Skip to main content

Versiondog

17 CVEs product

Monthly

CVE-2021-38481 CRITICAL Act Now

The scheduler service running on a specific TCP port enables the user to start and stop jobs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Versiondog
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-38479 HIGH PATCH This Week

Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Versiondog
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-38477 CRITICAL PATCH Act Now

There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-38475 HIGH PATCH This Week

The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Versiondog
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-38473 HIGH PATCH This Week

The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Versiondog
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-38471 CRITICAL PATCH Act Now

There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Versiondog
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-38469 HIGH PATCH This Week

Many of the services used by the affected product do not specify full paths for the DLLs they are loading. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2021-38467 HIGH PATCH This Week

A specific function code receives a raw pointer supplied by the user and deallocates this pointer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Versiondog
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-38465 MEDIUM PATCH This Month

The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Versiondog
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-38463 HIGH PATCH This Week

The affected product does not properly control the allocation of resources. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Versiondog
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-38461 HIGH PATCH This Week

The affected product uses a hard-coded blowfish key for encryption/decryption processes. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2021-38459 CRITICAL PATCH Act Now

The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-38457 CRITICAL PATCH Act Now

The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Versiondog
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-38455 MEDIUM PATCH This Month

The affected product’s OS Service does not verify any given parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Versiondog
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-38453 CRITICAL PATCH Act Now

Some API functions allow interaction with the registry, which includes reading values as well as data modification. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-38451 MEDIUM PATCH This Month

The affected product’s proprietary protocol CSC allows for calling numerous function codes. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Versiondog
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2021-38449 CRITICAL Act Now

Some API functions permit by-design writing or copying data into a given buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Versiondog
NVD
CVSS 3.1
9.8
EPSS
1.2%
EPSS 1% CVSS 9.8
CRITICAL Act Now

The scheduler service running on a specific TCP port enables the user to start and stop jobs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Versiondog
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Versiondog
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Versiondog
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Versiondog
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Versiondog
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Many of the services used by the affected product do not specify full paths for the DLLs they are loading. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

A specific function code receives a raw pointer supplied by the user and deallocates this pointer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Versiondog
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

The affected product does not properly control the allocation of resources. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Versiondog
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

The affected product uses a hard-coded blowfish key for encryption/decryption processes. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Versiondog
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The affected product’s OS Service does not verify any given parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Versiondog
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Some API functions allow interaction with the registry, which includes reading values as well as data modification. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Versiondog
NVD
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

The affected product’s proprietary protocol CSC allows for calling numerous function codes. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Versiondog
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Some API functions permit by-design writing or copying data into a given buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Versiondog
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy