Vulnerabilidades en DevExpress
5 resultadosCVE-2022-28684HIGHThis vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to EPSS 2.5%CVE-2023-35815LOWDevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data.EPSS 0.4%CVE-2023-35814LOWDevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms.EPSS 0.4%CVE-2023-35816LOWDevExpress before 23.1.3 allows arbitrary TypeConverter conversion.EPSS 0.4%CVE-2023-35817MEDIUMDevExpress before 23.1.3 allows AsyncDownloader SSRF.EPSS 0.3%