Every CVE whose affected-product data names Auvesy Versiondog, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2021-38477 — CVSS 9.8 (critical): There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the…
CVE-2021-38457 — CVSS 9.8 (critical): The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without…
CVE-2021-38449 — CVSS 9.8 (critical): Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, an attacker…
CVE-2021-38471 — CVSS 9.1 (critical): There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create…
CVE-2021-38469 — CVSS 9.1 (critical): Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the…
CVE-2021-38453 — CVSS 9.1 (critical): Some API functions allow interaction with the registry, which includes reading values as well as data modification.
CVE-2021-38461 — CVSS 8.2 (high): The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries.
CVE-2021-38481 — CVSS 8.1 (high): The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID…
CVE-2021-38459 — CVSS 8.1 (high): The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not…
CVE-2021-38465 — CVSS 8.0 (high): The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be…
CVE-2021-38473 — CVSS 8.0 (high): The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow.
CVE-2021-38475 — CVSS 7.3 (high): The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA…
CVE-2021-38455 — CVSS 7.3 (high): The affected product’s OS Service does not verify any given parameter. A user can supply any type of parameter that will be passed to…
CVE-2021-38467 — CVSS 7.3 (high): A specific function code receives a raw pointer supplied by the user and deallocates this pointer. The user can then control what memory…
CVE-2021-38463 — CVSS 7.3 (high): The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using…
CVE-2021-38479 — CVSS 6.5 (medium): Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. An attacker…
CVE-2021-38451 — CVSS 4.8 (medium): The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the…