Filtered by vendor Progress
Filtered by product Telerik Report Server
Total: 9 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2025-0556 | 1 Progress | 1 Telerik Report Server | 2025-02-20 | 8.8 High | In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing. |
CVE-2024-1800 | 1 Progress | 1 Telerik Report Server | 2025-01-16 | 9.9 Critical | In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability. |
CVE-2024-4837 | 1 Progress | 1 Telerik Report Server | 2025-01-16 | 5.3 Medium | In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability. |
CVE-2024-6327 | 1 Progress | 1 Telerik Report Server | 2024-11-21 | 9.9 Critical | In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. |
CVE-2024-7295 | 1 Progress | 1 Telerik Report Server | 2024-11-18 | 7.1 High | In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. |
CVE-2024-7292 | 2 Progress, Progress Software | 2 Telerik Report Server, Telerik Report Server | 2024-10-16 | 7.5 High | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts. |
CVE-2024-8015 | 2 Progress, Progress Software | 2 Telerik Report Server, Telerik Reporting | 2024-10-15 | 9.1 Critical | In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. |
CVE-2024-7294 | 1 Progress | 2 Telerik Report Server, Telerik Reporting | 2024-10-15 | 7.5 High | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. |
CVE-2024-7293 | 1 Progress | 2 Telerik Report Server, Telerik Reporting | 2024-10-15 | 7.5 High | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. |