Vulnerabilities > Telerik

DATE	CVE	VULNERABILITY TITLE	RISK
2017-08-23	CVE-2017-11317	Inadequate Encryption Strength vulnerability in Telerik UI for Asp.Net Ajax Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. network low complexity telerik CWE-326 critical	9.8
2017-07-03	CVE-2017-9248	Insufficiently Protected Credentials vulnerability in multiple products Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. network low complexity telerik progress CWE-522 critical	9.8

Vulnerabilities > Telerik {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Telerik"}]}