Vulnerabilities > Progress
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-13 | CVE-2024-7295 | Use of Hard-coded Credentials vulnerability in Progress Telerik Report Server In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. | 6.2 |
| 2024-11-13 | CVE-2024-8049 | Unspecified vulnerability in Progress Telerik Document Processing Libraries In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable. | 6.5 |
| 2024-10-24 | CVE-2024-7763 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. | 7.5 |
| 2024-10-09 | CVE-2024-7292 | Improper Restriction of Excessive Authentication Attempts vulnerability in Progress Telerik Report Server In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts. | 8.8 |
| 2024-10-09 | CVE-2024-7293 | Weak Password Requirements vulnerability in Progress Telerik Reporting In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. | 8.8 |
| 2024-10-09 | CVE-2024-7294 | Unspecified vulnerability in Progress Telerik Reporting In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. | 6.5 |
| 2024-10-09 | CVE-2024-7840 | Command Injection vulnerability in Progress Telerik Reporting 12.0.18.125 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. | 7.8 |
| 2024-10-09 | CVE-2024-8014 | Unsafe Reflection vulnerability in Progress Telerik Reporting 12.0.18.125 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. | 8.8 |
| 2024-10-09 | CVE-2024-8015 | Unsafe Reflection vulnerability in Progress Telerik Report Server In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. | 7.2 |
| 2024-10-09 | CVE-2024-8048 | Unsafe Reflection vulnerability in Progress Telerik Reporting 12.0.18.125 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. | 7.8 |