Page 10 of 54 results (0.005 seconds)

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-28157

https://notcve.org/view.php?id=CVE-2021-28157

An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete. Un problema de inyección SQL en Devolutions Server versiones anteriores a 2021.1 y Devolutions Server LTS versiones anteriores a 2020.3.18, permite a un usuario administrativo ejecutar comandos SQL arbitrarios por medio de un nombre de usuario en api/security/userinfo/delete • https://devolutions.net/security/advisories/DEVO-2021-0004 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-28048

https://notcve.org/view.php?id=CVE-2021-28048

An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page. Una política CORS demasiado permisiva en Devolutions Server versiones anteriores a 2021.1 y Devolutions Server LTS versiones anteriores a 2020.3.18, permite a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada • https://devolutions.net/security/advisories/DEVO-2021-0004 • CWE-346: Origin Validation Error •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-23922

https://notcve.org/view.php?id=CVE-2021-23922

An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews. Se detectó un problema en Devolutions Remote Desktop Manager versiones anteriores a 2020.2.12. Se presenta una vulnerabilidad de tipo cross-site scripting en las vistas web. • https://devolutions.net/security/advisories/devo-2021-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-23925

https://notcve.org/view.php?id=CVE-2021-23925

An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document. Se detectó un problema en Devolutions Server versiones anteriores a 2020.3. Se presenta una vulnerabilidad de tipo cross-site scripting en las entradas de tipo Documento. • https://devolutions.net/security/advisories/devo-2021-0002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-23924

https://notcve.org/view.php?id=CVE-2021-23924

An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. Se detectó un problema en Devolutions Server versiones anteriores a 2020.3. Se presenta una exposición de información confidencial en archivos de diagnóstico. • https://devolutions.net/security/advisories/devo-2021-0002 • CWE-532: Insertion of Sensitive Information into Log File •