809 matches found
CVE-2021-28048
The CVE-2021-28048 entry concerns Devolutions Server (versions prior to 2021.1 and Devolutions Server LTS prior to 2020.3.18). The root cause is an overly permissive Cross-Origin Resource Sharing (CORS) policy that allows a remote attacker to leak cross-origin data via a specially crafted HTML pa...
CVE-2021-28048
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page...
Devolutions Server SQL注入漏洞
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A SQL injection vulnerability exists in Devolutions Server versions prior to 2021.1and Devolutions Server LTS versions prior to 2020.3.18, which can be...
Devolutions Server 访问控制错误漏洞
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server versions prior to 2021.1 and Devolutions Server LTS versions prior to 2020.3.18, which allows remote...
Devolutions Server Cross-Site Scripting Vulnerability
Devolutions Server is a local management solution that helps organizations control access to privileged accounts and business user passwords. A cross-site scripting vulnerability exists in Devolutions Server versions prior to 2020.3 in entries of type "Document", which can be exploited by an...
Devolutions Server Information Disclosure Vulnerability
Devolutions Server is a local management solution that helps organizations control access to privileged accounts and business user passwords. An information disclosure vulnerability exists in Devolutions Server versions prior to 2020.3, which can be exploited by an attacker to obtain sensitive...
CVE-2021-23924
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files...
CVE-2021-23925
An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting XSS vulnerability in entries of type Document...
CVE-2021-23921
An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements...
CVE-2021-23925
An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting XSS vulnerability in entries of type Document...
CVE-2021-23924
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files...
CVE-2021-23923
An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users...
CVE-2021-23923
An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users...
CVE-2021-23921
An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements...
Cross site scripting
An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting XSS vulnerability in entries of type Document...
Authentication flaw
An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users...
Information disclosure
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files...
Improper access control
An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements...
CVE-2021-23925
Devolutions Server (prior to version 2020.3) contains a cross-site scripting (XSS) vulnerability in Document entries. The issue affects the Document-type data handling and allows injecting JavaScript code, as described across multiple CVE references (CVE-2021-23925) with CVSS v3.1 base score 6.1 ...
CVE-2021-23924
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files...