
CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Feb 2023 — Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions. • https://devolutions.net/security/advisories/DEVO-2023-0003 •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Feb 2023 — Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources. • https://devolutions.net/security/advisories/DEVO-2023-0003 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Feb 2023 — Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data. • https://devolutions.net/security/advisories/DEVO-2023-0002 •

CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

01 Nov 2022 — Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions, which allows database users to read the data. This issue affects: Remote Desktop Manager 2022.2.26 and prior versions; Devolutions Server 2022.3.1 and prior versions. • https://devolutions.net/security/advisories/DEVO-2022-0009 • CWE-311: Missing Encryption of Sensitive Data • CWE-522: Insufficiently Protected Credentials •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Jul 2022 — Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. • https://devolutions.net • CWE-276: Incorrect Default Permissions •

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Jul 2022 — HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site. • https://devolutions.net/security/advisories/DEVO-2022-0006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Jul 2021 — Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext). • https://devolutions.net/security/advisories/DEVO-2021-0005 • CWE-319: Cleartext Transmission of Sensitive Information • CWE-522: Insufficiently Protected Credentials •

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Apr 2021 — An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete. • https://devolutions.net/security/advisories/DEVO-2021-0004 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Apr 2021 — An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page. • https://devolutions.net/security/advisories/DEVO-2021-0004 • CWE-346: Origin Validation Error •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Apr 2021 — An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document. • https://devolutions.net/security/advisories/devo-2021-0002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •