Filtered by vendor Devolutions
Subscribe
Total
54 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1342 | 1 Devolutions | 1 Remote Desktop Manager | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
| A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions. | |||||
| CVE-2022-33995 | 1 Devolutions | 1 Remote Desktop Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location. | |||||
| CVE-2022-2221 | 1 Devolutions | 1 Remote Desktop Manager | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. | |||||
| CVE-2021-42098 | 1 Devolutions | 1 Remote Desktop Manager | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell. | |||||
| CVE-2021-36382 | 1 Devolutions | 1 Devolutions Server | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
| Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext). | |||||
| CVE-2021-23922 | 1 Devolutions | 1 Remote Desktop Manager | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews. | |||||
| CVE-2021-28157 | 1 Devolutions | 1 Devolutions Server | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete. | |||||
| CVE-2021-23925 | 1 Devolutions | 1 Devolutions Server | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document. | |||||
| CVE-2021-23924 | 1 Devolutions | 1 Devolutions Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. | |||||
| CVE-2021-23923 | 1 Devolutions | 1 Devolutions Server | 2024-02-28 | 4.9 MEDIUM | 8.1 HIGH |
| An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users. | |||||
| CVE-2021-28048 | 1 Devolutions | 1 Devolutions Server | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-23921 | 1 Devolutions | 1 Devolutions Server | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements. | |||||
| CVE-2021-28047 | 1 Devolutions | 1 Remote Desktop Manager | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields. | |||||
| CVE-2020-36211 | 1 Devolutions | 1 Gfwx | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
| An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. | |||||