Filtered by vendor Progress
Subscriptions
Total
191 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1212 | 2 Kemptechnologies, Progress | 2 Loadmaster, Loadmaster | 2025-01-27 | 10 Critical |
| Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. | ||||
| CVE-2024-4200 | 1 Progress | 1 Telerik Reporting | 2025-01-16 | 7.7 High |
| In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. | ||||
| CVE-2024-1856 | 1 Progress | 1 Telerik Reporting | 2025-01-16 | 8.5 High |
| In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability. | ||||
| CVE-2024-1801 | 1 Progress | 1 Telerik Reporting | 2025-01-16 | 7.7 High |
| In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. | ||||
| CVE-2024-2291 | 1 Progress | 1 Moveit Transfer | 2025-01-16 | 4.3 Medium |
| In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly. | ||||
| CVE-2024-4202 | 1 Progress | 1 Telerik Reporting | 2025-01-16 | 7.7 High |
| In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. | ||||
| CVE-2024-1800 | 1 Progress | 1 Telerik Report Server | 2025-01-16 | 9.9 Critical |
| In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability. | ||||
| CVE-2024-4357 | 1 Progress | 1 Telerik Reporting | 2025-01-16 | 6.5 Medium |
| An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing. | ||||
| CVE-2024-4837 | 1 Progress | 1 Telerik Report Server | 2025-01-16 | 5.3 Medium |
| In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability. | ||||
| CVE-2024-5806 | 1 Progress | 1 Moveit Transfer | 2025-01-16 | 9.1 Critical |
| Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. | ||||
| CVE-2024-4563 | 1 Progress | 1 Moveit Automation | 2025-01-08 | 6.1 Medium |
| The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length. | ||||
| CVE-2024-12105 | 1 Progress | 1 Whatsup Gold | 2025-01-08 | 6.5 Medium |
| In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. | ||||
| CVE-2023-34364 | 1 Progress | 1 Datadirect Odbc Oracle Wire Protocol Driver | 2025-01-06 | 9.8 Critical |
| A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code. | ||||
| CVE-2023-34363 | 1 Progress | 1 Datadirect Odbc Oracle Wire Protocol Driver | 2025-01-06 | 5.9 Medium |
| An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses an insecure random number generator to generate the private key. It is possible for a well-placed attacker to predict the output of this random number generator, which could lead to an attacker decrypting traffic between the driver and the database server. The vulnerability does not exist if SSL / TLS encryption is used. | ||||
| CVE-2024-12106 | 1 Progress | 1 Whatsup Gold | 2025-01-06 | 9.4 Critical |
| In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. | ||||
| CVE-2024-12108 | 2 Microsoft, Progress | 2 Windows, Whatsup Gold | 2025-01-06 | 9.6 Critical |
| In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. | ||||
| CVE-2023-35036 | 1 Progress | 1 Moveit Transfer | 2025-01-03 | 9.1 Critical |
| In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. | ||||
| CVE-2024-1474 | 1 Progress | 1 Ws Ftp Server | 2025-01-02 | 7.5 High |
| In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface. | ||||
| CVE-2023-34362 | 1 Progress | 2 Moveit Cloud, Moveit Transfer | 2024-12-20 | 9.8 Critical |
| In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions. | ||||
| CVE-2024-1636 | 1 Progress | 1 Sitefinity | 2024-12-16 | 8 High |
| Potential Cross-Site Scripting (XSS) in the page editing area. | ||||