Filtered by vendor Devolutions
Subscriptions
Filtered by product Devolutions Server
Subscriptions
Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36382 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 2.6 Low |
| Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext). | ||||
| CVE-2021-28157 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 7.2 High |
| An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete. | ||||
| CVE-2021-28048 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 6.5 Medium |
| An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2021-23925 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document. | ||||
| CVE-2021-23924 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. | ||||
| CVE-2021-23923 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 8.1 High |
| An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users. | ||||
| CVE-2021-23921 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 9.1 Critical |
| An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements. | ||||