Filtered by vendor Devolutions
Subscribe
Total
100 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2499 | 1 Devolutions | 1 Remote Desktop Manager | 2025-07-02 | N/A | 5.4 MEDIUM |
| Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. | |||||
| CVE-2025-2528 | 1 Devolutions | 1 Remote Desktop Manager | 2025-07-02 | N/A | 3.6 LOW |
| Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. | |||||
| CVE-2025-2562 | 1 Devolutions | 1 Remote Desktop Manager | 2025-07-02 | N/A | 5.4 MEDIUM |
| Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. | |||||
| CVE-2025-2600 | 1 Devolutions | 1 Remote Desktop Manager | 2025-07-02 | N/A | 6.8 MEDIUM |
| Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated password to use the ELEVATED_PASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. | |||||
| CVE-2025-5334 | 1 Devolutions | 1 Remote Desktop Manager | 2025-07-02 | N/A | 7.5 HIGH |
| Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users. This issue affects the following versions : * Remote Desktop Manager Windows 2025.1.34.0 and earlier * Remote Desktop Manager macOS 2025.1.16.3 and earlier * Remote Desktop Manager Android 2025.1.3.3 and earlier * Remote Desktop Manager iOS 2025.1.6.0 and earlier | |||||
| CVE-2025-4433 | 1 Devolutions | 1 Devolutions Server | 2025-07-02 | N/A | 8.8 HIGH |
| Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges. | |||||
| CVE-2025-5382 | 1 Devolutions | 1 Devolutions Server | 2025-07-02 | N/A | 6.8 MEDIUM |
| Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA. | |||||
| CVE-2025-0691 | 1 Devolutions | 1 Devolutions Server | 2025-07-02 | N/A | 5.0 MEDIUM |
| Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation. | |||||
| CVE-2025-3768 | 1 Devolutions | 1 Devolutions Server | 2025-07-02 | N/A | 5.0 MEDIUM |
| Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable. | |||||
| CVE-2024-10971 | 1 Devolutions | 1 Devolutions Server | 2025-06-27 | N/A | 4.3 MEDIUM |
| Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission. | |||||
| CVE-2024-2241 | 1 Devolutions | 1 Workspace | 2025-06-27 | N/A | 6.3 MEDIUM |
| Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions | |||||
| CVE-2025-4493 | 1 Devolutions | 1 Devolutions Server | 2025-06-25 | N/A | 6.5 MEDIUM |
| Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions : * Devolutions Server 2025.1.3.0 through 2025.1.7.0 * Devolutions Server 2024.3.15.0 and earlier | |||||
| CVE-2025-3517 | 1 Devolutions | 1 Devolutions Server | 2025-06-17 | N/A | 6.3 MEDIUM |
| Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username. | |||||
| CVE-2025-4316 | 1 Devolutions | 1 Devolutions Server | 2025-06-17 | N/A | 4.3 MEDIUM |
| Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions. This issue affects Devolutions Server versions from 2025.1.3.0 through 2025.1.6.0, and all versions up to 2024.3.15.0. | |||||
| CVE-2024-0589 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2025-06-09 | N/A | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry. | |||||
| CVE-2022-3781 | 1 Devolutions | 2 Devolutions Server, Remote Desktop Manager | 2025-05-05 | N/A | 6.5 MEDIUM |
| Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects : Remote Desktop Manager 2022.2.26 and prior versions. Devolutions Server 2022.3.1 and prior versions. | |||||
| CVE-2022-3780 | 1 Devolutions | 1 Remote Desktop Manager | 2025-05-05 | N/A | 7.5 HIGH |
| Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects : Remote Desktop Manager 2022.3.7 and prior versions. | |||||
| CVE-2022-3641 | 1 Devolutions | 1 Remote Desktop Manager | 2025-04-23 | N/A | 8.8 HIGH |
| Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account. | |||||
| CVE-2022-4287 | 1 Devolutions | 1 Remote Desktop Manager | 2025-04-14 | N/A | 8.8 HIGH |
| Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on Windows allows malicious user to access the application. | |||||
| CVE-2022-26964 | 1 Devolutions | 1 Remote Desktop Manager | 2025-04-14 | N/A | 7.4 HIGH |
| Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. An error caused base64 to be decoded. | |||||