CVE-2024-0589
https://notcve.org/view.php?id=CVE-2024-0589
31 Jan 2024 — Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry. • https://devolutions.net/security/advisories/DEVO-2024-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-7047
https://notcve.org/view.php?id=CVE-2023-7047
21 Dec 2023 — Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources. • https://devolutions.net/security/advisories/DEVO-2023-0024 • CWE-863: Incorrect Authorization
CVE-2023-6593
https://notcve.org/view.php?id=CVE-2023-6593
12 Dec 2023 — Client-side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction. • https://devolutions.net/security/advisories/DEVO-2023-0023 • CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2023-6288
https://notcve.org/view.php?id=CVE-2023-6288
06 Dec 2023 — Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable. • https://devolutions.net/security/advisories/DEVO-2023-0021 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-5765
https://notcve.org/view.php?id=CVE-2023-5765
01 Nov 2023 — Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching. • https://devolutions.net/security/advisories/DEVO-2023-0019
CVE-2023-5766
https://notcve.org/view.php?id=CVE-2023-5766
01 Nov 2023 — A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another Windows user session on the same host via a specially crafted TCP packet. • https://devolutions.net/security/advisories/DEVO-2023-0019
CVE-2023-4417
https://notcve.org/view.php?id=CVE-2023-4417
21 Aug 2023 — Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process. • https://devolutions.net/security/advisories/DEVO-2023-0015
CVE-2023-4373
https://notcve.org/view.php?id=CVE-2023-4373
21 Aug 2023 — Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. • https://devolutions.net/security/advisories/DEVO-2023-0015 • CWE-287: Improper Authentication
CVE-2023-2282
https://notcve.org/view.php?id=CVE-2023-2282
25 Apr 2023 — Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector. • https://devolutions.net/security/advisories/DEVO-2023-0012
CVE-2023-1939 – No access control for the OTP key on OTP entries
https://notcve.org/view.php?id=CVE-2023-1939
11 Apr 2023 — No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non-admin users to see OTP keys via the user interface. • https://devolutions.net/security/advisories/DEVO-2023-0009 • CWE-732: Incorrect Permission Assignment for Critical Resource