Vulnerabilities > Telerik
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-11 | CVE-2021-28141 | Missing Authorization vulnerability in Telerik UI for Asp.Net Ajax 2021.1.224 An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. | 9.8 |
| 2020-11-05 | CVE-2020-13661 | Unspecified vulnerability in Telerik Fiddler 5.0.20202.18177 Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. network telerik | 6.8 |
| 2020-03-31 | CVE-2020-11414 | Path Traversal vulnerability in Telerik UI FOR Silverlight An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. | 5.0 |
| 2019-12-13 | CVE-2019-19790 | Path Traversal vulnerability in Telerik Radchart and UI FOR Asp.Net Ajax Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. | 7.5 |
| 2019-12-11 | CVE-2019-18935 | Deserialization of Untrusted Data vulnerability in Telerik UI for Asp.Net Ajax Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. | 9.8 |
| 2018-08-16 | CVE-2018-15122 | Improper Input Validation vulnerability in Telerik Justassembly and Justdecompile An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource. | 6.8 |
| 2017-08-23 | CVE-2017-11357 | Improper Input Validation vulnerability in Telerik UI FOR Asp.Net Ajax Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | 7.5 |
| 2017-08-23 | CVE-2017-11317 | Inadequate Encryption Strength vulnerability in Telerik UI FOR Asp.Net Ajax Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | 7.5 |
| 2017-07-03 | CVE-2017-9248 | Insufficiently Protected Credentials vulnerability in Telerik Sitefinity CMS and UI for Asp.Net Ajax Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. | 7.5 |
| 2015-03-13 | CVE-2015-2264 | Unspecified vulnerability in Telerik Analytics Monitor Library 3.2.122 Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Telerik Analytics Monitor Library before 3.2.125 allow local users to gain privileges via a Trojan horse (a) csunsapi.dll, (b) swift.dll, (c) nfhwcrhk.dll, or (d) surewarehook.dll file in an unspecified directory. local telerik | 6.9 |