Vulnerabilities > Devolutions > Remote Desktop Manager > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-06 CVE-2023-6288 Code Injection vulnerability in Devolutions Remote Desktop Manager
Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable.
local
low complexity
devolutions CWE-94
7.8
2022-12-26 CVE-2022-26964 Improper Restriction of Excessive Authentication Attempts vulnerability in Devolutions Remote Desktop Manager
Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack.
network
low complexity
devolutions CWE-307
7.5
2022-12-21 CVE-2022-4287 Unspecified vulnerability in Devolutions Remote Desktop Manager
Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager  2022.3.26 and earlier on Windows allows malicious user to access the application.
network
low complexity
devolutions
8.8
2022-12-12 CVE-2022-3641 Unspecified vulnerability in Devolutions Remote Desktop Manager
Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account.
network
low complexity
devolutions
8.8
2022-11-01 CVE-2022-3780 Unspecified vulnerability in Devolutions Remote Desktop Manager
Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data.
network
low complexity
devolutions
7.5
2022-09-13 CVE-2022-3182 Unspecified vulnerability in Devolutions Remote Desktop Manager
Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock.
local
high complexity
devolutions
7.0
2022-06-21 CVE-2022-33995 Path Traversal vulnerability in Devolutions Remote Desktop Manager
A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location.
network
low complexity
devolutions CWE-22
7.5
2021-10-18 CVE-2021-42098 Incorrect Default Permissions vulnerability in Devolutions Remote Desktop Manager
An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell.
network
low complexity
devolutions CWE-276
8.8