1223 matches found
CVE-2021-42098
An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell...
Design/Logic Flaw
An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell...
CVE-2021-42098
CVE-2021-42098 affects Devolutions Remote Desktop Manager; there is an incomplete permission check on entries prior to version 2021.2.16, allowing permission bypass via batch custom PowerShell. The available connected documents indicate the issue stems from improper access control rather than a v...
CVE-2021-42098
An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell...
Devolutions Remote Desktop Manager 安全漏洞
Devolutions Remote Desktop Manager is an application from Devolutions Canada. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager, which stems from incomplete permission checking of entries in the "Transfer Remote Desktop...
CVE-2021-36382
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint which accepts cleartext...
CVE-2021-36382
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint which accepts cleartext...
Design/Logic Flaw
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint which accepts cleartext...
CVE-2021-36382
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint which accepts cleartext...
CVE-2021-36382
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint which accepts cleartext...
CVE-2021-36382
CVE-2021-36382 affects Devolutions Server prior to 2021.1.18 and LTS prior to 2020.3.20. The issue allows interception of private keys via a man-in-the-middle attack against the connections/partial endpoint, which accepts plaintext. Affected components and exact root cause are described across mu...
Devolutions Server 信任管理问题漏洞
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server that originates in Devolutions Server prior to 2021.1.18 and LTS prior to 2020.3.20 that intercepts...
Devolutions Server Authorization Issues Vulnerability
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. An authorization issue vulnerability exists in Devolutions Server versions prior to 2020.3 that stems from an authentication outage for Windows domain users. ...
Devolutions Server SQL Injection Vulnerability
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A SQL injection vulnerability exists in Devolutions Server versions prior to 2021.1and Devolutions Server LTS versions prior to 2020.3.18, which can be...
CVE-2021-28157
An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete...
CVE-2021-28048
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2021-28157
An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete...
CVE-2021-28048
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page...
Design/Logic Flaw
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page...
Sql injection
An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete...