CVE-2024-12151

Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets...

CVE-2024-12196

Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission...

CVE-2024-12196

CVE-2024-12196 affects Devolutions Server 2024.3.7.0 and earlier due to incorrect authorization in the permissions component, allowing an authenticated user to view the password history of an entry without the view password permission. Documents identify the affected software and the underlying c...

CVE-2024-12196

Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission...

Devolutions Server 产品安全漏洞

Devolutions Server is an application from Devolutions Canada Inc. which provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.8.0 and prior versions, which stems from an incorrect assignment of privileges in...

Devolutions Remote Desktop Manager 安全漏洞

Devolutions Remote Desktop Manager is an application from Devolutions Canada Inc. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2024.3.19.0 and prior versions, which stems from an incorrect assignment of privileg...

Devolutions Server 安全漏洞

Devolutions Server is an application from Devolutions Canada Inc. which provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.6.0 and prior versions, which stems from incorrect authorization of the Privilege...

PT-2024-17483 · Devolutions · Devolutions Server

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2024.3.7.0 and earlier Description: The issue is related to incorrect authorization in the permission component, allowing an authenticated user to view the password history of an entry without having the necessary...

PT-2024-17457 · Devolutions · Devolutions Remote Desktop Manager

Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2024.3.19.0 and earlier Description: The issue is related to incorrect permission assignment in the temporary access requests component, allowing an authenticated user to obtain more privileges than...

PT-2024-17459 · Devolutions · Devolutions Server

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2024.3.8.0 and earlier Description: The issue is related to incorrect permission assignment in the user migration feature, allowing users to retain their old permission sets. This affects the security of the system...

Devolutions Server 安全漏洞

Devolutions Server is an application from Devolutions Canada Inc. which provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.7.0 and prior versions, which stems from incorrect authorization of the permission...

CVE-2024-11862

Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks...

Devolutions XTS.NET 安全漏洞

Devolutions XTS.NET is a pure C implementation of the XTS encryption model from Devolutions Canada, primarily used for disk encryption. A security vulnerability exists in Devolutions XTS.NET version 2024.11.19 and earlier versions that stems from the use of non-constant time encryption operations...

PT-2024-17301 · Devolutions · Devolutions.Xts.Net

Name of the Vulnerable Software and Affected Versions: Devolutions.XTS.NET versions 2024.11.19 and earlier Description: The issue concerns a non-constant time cryptographic operation, which can be exploited via timing attacks. This allows an attacker to render half of the encryption key obsolete...

CVE-2024-11671

Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching...

CVE-2024-11671

Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching...

CVE-2024-11672

Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature...

CVE-2024-11670

Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions...

CVE-2024-11670

Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions...

CVE-2024-11670

The CVE-2024-11670 issue affects Devolutions Remote Desktop Manager (Windows) versions 2024.2.21 and earlier, due to incorrect authorization in the permission validation component that lets an authenticated user bypass the View Password permission. Documents from Red Hat, Tenable Nessus, CVE list...