CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-28157
https://notcve.org/view.php?id=CVE-2021-28157
14 Apr 2021 — An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete. Un problema de inyección SQL en Devolutions Server versiones anteriores a 2021.1 y Devolutions Server LTS versiones anteriores a 2020.3.18, permite a un usuario administrativo ejecutar comandos SQL arbitrarios por medio de un nombre de usuario en api/security/userinfo/delete • https://devolutions.net/security/advisories/DEVO-2021-0004 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-28048
https://notcve.org/view.php?id=CVE-2021-28048
14 Apr 2021 — An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page. Una política CORS demasiado permisiva en Devolutions Server versiones anteriores a 2021.1 y Devolutions Server LTS versiones anteriores a 2020.3.18, permite a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada • https://devolutions.net/security/advisories/DEVO-2021-0004 • CWE-346: Origin Validation Error •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23922
https://notcve.org/view.php?id=CVE-2021-23922
01 Apr 2021 — An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews. Se detectó un problema en Devolutions Remote Desktop Manager versiones anteriores a 2020.2.12. Se presenta una vulnerabilidad de tipo cross-site scripting en las vistas web. • https://devolutions.net/security/advisories/devo-2021-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23925
https://notcve.org/view.php?id=CVE-2021-23925
01 Apr 2021 — An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document. Se detectó un problema en Devolutions Server versiones anteriores a 2020.3. Se presenta una vulnerabilidad de tipo cross-site scripting en las entradas de tipo Documento. • https://devolutions.net/security/advisories/devo-2021-0002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23924
https://notcve.org/view.php?id=CVE-2021-23924
01 Apr 2021 — An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. Se detectó un problema en Devolutions Server versiones anteriores a 2020.3. Se presenta una exposición de información confidencial en archivos de diagnóstico. • https://devolutions.net/security/advisories/devo-2021-0002 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23921
https://notcve.org/view.php?id=CVE-2021-23921
01 Apr 2021 — An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements. Se detectó un problema en Devolutions Server versiones anteriores a 2020.3. Se presenta un control de acceso roto en los elementos de entrada de la Lista de Contraseñas. • https://devolutions.net/security/advisories/devo-2021-0002 •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23923
https://notcve.org/view.php?id=CVE-2021-23923
01 Apr 2021 — An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users. Se detectó un problema en Devolutions Server versiones anteriores a 2020.3. Se presenta una autenticación rota con los usuarios del dominio de Windows. • https://devolutions.net/security/advisories/devo-2021-0002 • CWE-287: Improper Authentication •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28047
https://notcve.org/view.php?id=CVE-2021-28047
01 Apr 2021 — Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields. Cross-Site Scripting (XSS) en Administrative Reports en Devolutions Remote Desktop Manager versiones anteriores a 2021.1, permite a los usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a través de múltiples campos de entrada. • https://devolutions.net/security/advisories/devo-2021-0003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36211
https://notcve.org/view.php?id=CVE-2020-36211
22 Jan 2021 — An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. Se detectó un problema en la crate gfwx versiones anteriores a 0.3.0 para Rust. Debido a que ImageChunkMut no posee límites en su atributo Send o Sync, una carrera de datos y corrupción de la memoria puede ocurrir • https://rustsec.org/advisories/RUSTSEC-2020-0104.html • CWE-662: Improper Synchronization CWE-787: Out-of-bounds Write •