
CVE-2023-6288
https://notcve.org/view.php?id=CVE-2023-6288
06 Dec 2023 — Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable. • https://devolutions.net/security/advisories/DEVO-2023-0021 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-6264
https://notcve.org/view.php?id=CVE-2023-6264
22 Nov 2023 — Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints. • https://devolutions.net/security/advisories/DEVO-2023-0020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-5358
https://notcve.org/view.php?id=CVE-2023-5358
01 Nov 2023 — Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters. • https://devolutions.net/security/advisories/DEVO-2023-0019 •

CVE-2023-5765
https://notcve.org/view.php?id=CVE-2023-5765
01 Nov 2023 — Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching. • https://devolutions.net/security/advisories/DEVO-2023-0019 •

CVE-2023-5766
https://notcve.org/view.php?id=CVE-2023-5766
01 Nov 2023 — A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another Windows user session on the same host via a specially crafted TCP packet. • https://devolutions.net/security/advisories/DEVO-2023-0019 •

CVE-2023-5575
https://notcve.org/view.php?id=CVE-2023-5575
16 Oct 2023 — Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent. • https://devolutions.net/security/advisories/DEVO-2023-0018 •

CVE-2023-5240
https://notcve.org/view.php?id=CVE-2023-5240
13 Oct 2023 — Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and earlier allows an attacker with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request. • https://devolutions.net/security/advisories/DEVO-2023-0017 • CWE-284: Improper Access Control •

CVE-2023-4417
https://notcve.org/view.php?id=CVE-2023-4417
21 Aug 2023 — Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allow an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process. • https://devolutions.net/security/advisories/DEVO-2023-0015 •

CVE-2023-4373
https://notcve.org/view.php?id=CVE-2023-4373
21 Aug 2023 — Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. • https://devolutions.net/security/advisories/DEVO-2023-0015 • CWE-287: Improper Authentication •

CVE-2023-2400
https://notcve.org/view.php?id=CVE-2023-2400
20 Jun 2023 — Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view the vaults of deleted users via database access. • https://devolutions.net/security/advisories/DEVO-2023-0014 • CWE-459: Incomplete Cleanup •