Show filters
228 Total Results
Displaying 21-30 of 228
Sort by:
Attacker Value
Unknown
CVE-2024-32039
Disclosure Date: April 22, 2024 (last updated April 23, 2024)
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).
0
Attacker Value
Unknown
CVE-2024-3545
Disclosure Date: April 09, 2024 (last updated April 11, 2024)
Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.
0
Attacker Value
Unknown
CVE-2024-0589
Disclosure Date: January 31, 2024 (last updated February 03, 2024)
Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry.
0
Attacker Value
Unknown
CVE-2024-22211
Disclosure Date: January 19, 2024 (last updated January 27, 2024)
FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability.
0
Attacker Value
Unknown
CVE-2023-7047
Disclosure Date: December 21, 2023 (last updated January 05, 2024)
Inadequate validation of permissions when employing remote tools and
macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and
earlier permits a user to initiate a connection without proper execution
rights via the remote tools feature. This affects only SQL data sources.
0
Attacker Value
Unknown
CVE-2023-6593
Disclosure Date: December 12, 2023 (last updated December 16, 2023)
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.
0
Attacker Value
Unknown
CVE-2023-6288
Disclosure Date: December 06, 2023 (last updated December 13, 2023)
Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable.
0
Attacker Value
Unknown
CVE-2023-5766
Disclosure Date: November 01, 2023 (last updated November 09, 2023)
A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet.
0
Attacker Value
Unknown
CVE-2023-5765
Disclosure Date: November 01, 2023 (last updated November 09, 2023)
Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.
0
Attacker Value
Unknown
CVE-2023-29348
Disclosure Date: October 10, 2023 (last updated December 14, 2023)
Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability
0