
CVE-2022-3780
https://notcve.org/view.php?id=CVE-2022-3780
01 Nov 2022 — Database connections of deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below, which allows deleted users to access unauthorized data. This issue affects: Remote Desktop Manager 2022.3.7 and prior versions. • https://devolutions.net/security/advisories/DEVO-2022-0008 • CWE-284: Improper Access Control

CVE-2022-3182
https://notcve.org/view.php?id=CVE-2022-3182
13 Sep 2022 — Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions. • https://devolutions.net/security/advisories/DEVO-2022-0007 • CWE-284: Improper Access Control

CVE-2022-33996
https://notcve.org/view.php?id=CVE-2022-33996
07 Jul 2022 — Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. • https://devolutions.net • CWE-276: Incorrect Default Permissions

CVE-2022-2316
https://notcve.org/view.php?id=CVE-2022-2316
06 Jul 2022 — HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site. • https://devolutions.net/security/advisories/DEVO-2022-0006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-2221
https://notcve.org/view.php?id=CVE-2022-2221
27 Jun 2022 — Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. • https://devolutions.net/security/advisories/DEVO-2022-0004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-522: Insufficiently Protected Credentials

CVE-2022-33995
https://notcve.org/view.php?id=CVE-2022-33995
21 Jun 2022 — A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location. • https://devolutions.net • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2022-1342
https://notcve.org/view.php?id=CVE-2022-1342
15 Jun 2022 — A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager version 2022.1.24 and prior versions. • https://devolutions.net/security/advisories/DEVO-2022-0003 • CWE-522: Insufficiently Protected Credentials • CWE-549: Missing Password Field Masking

CVE-2022-23849
https://notcve.org/view.php?id=CVE-2022-23849
03 Mar 2022 — The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authentication attempts. • https://devolutions.net/security/advisories

CVE-2021-42098
https://notcve.org/view.php?id=CVE-2021-42098
18 Oct 2021 — An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell. • https://devolutions.net • CWE-276: Incorrect Default Permissions

CVE-2021-36382
https://notcve.org/view.php?id=CVE-2021-36382
12 Jul 2021 — Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext). • https://devolutions.net/security/advisories/DEVO-2021-0005 • CWE-319: Cleartext Transmission of Sensitive Information • CWE-522: Insufficiently Protected Credentials