Lucene search
K

286 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 11:39 a.m.16 views

CVE-2024-7292

In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, a credential stuffing attack is possible through improper restriction of excessive login attempts...

8.8CVSS6.7AI score0.00317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:28 a.m.12 views

CVE-2024-1800

In Progress® Telerik® Report Server versions prior to 2024 Q1 10.0.24.130, a remote code execution attack is possible through an insecure deserialization vulnerability...

9.9CVSS9.7AI score0.40375EPSS
Exploits8References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:57 a.m.8 views

CVE-2024-6327

In Progress® Telerik® Report Server versions prior to 2024 Q2 10.1.24.709, a remote code execution attack is possible through an insecure deserialization vulnerability...

9.9CVSS7.8AI score0.01997EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 10:33 p.m.9 views

CVE-2024-8015

In Progress Telerik Report Server versions prior to 2024 Q3 10.2.24.924, a remote code execution attack is possible through object injection via an insecure type resolution vulnerability...

9.1CVSS8AI score0.00822EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/11/15 12:0 a.m.14 views

Progress Telerik Report Server <= 10.2.24.924 Encryption Weakness (CVE-2024-7295)

The version of Progress Telerik Report Server installed on the remote host is affected by an encryption weakness vulnerability: - The encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. CVE-2024-7295 Note that Nessus has not...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/11/14 12:0 a.m.13 views

The vulnerability of the Telerik Report Server software’s reporting control tool lies in its reliance on external controls for selecting classes. This allows an attacker to execute arbitrary code.

The vulnerability of the Telerik Report Server reporting management software lies in the use of external control for selecting classes when input data is provided. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9CVSS5.9AI score0.00602EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/11/14 12:0 a.m.11 views

The vulnerability of the Telerik Report Server software’s reporting control tool lies in its reliance on external controls for selecting classes. This allows an attacker to execute arbitrary code.

The vulnerability of the Telerik Report Server reporting management software lies in the use of external control for selecting classes when input data is provided. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8CVSS5.8AI score0.00221EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/11/14 12:0 a.m.4 views

The vulnerability of the Telerik Report Server software’s reporting control tool lies in its reliance on external controls for selecting classes. This allows an attacker to execute arbitrary code.

The vulnerability of the Telerik Report Server reporting control software lies in the use of external control for selecting classes when input data is provided. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

9.1CVSS5.8AI score0.00822EPSS
Exploits0References4
OSV
OSV
added 2024/11/13 4:15 p.m.2 views

CVE-2024-7295

In Progress® Telerik® Report Server versions prior to 2024 Q4 10.3.24.1112, the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information...

6.2CVSS5.8AI score0.00106EPSS
Exploits0References1
NVD
NVD
added 2024/11/13 4:15 p.m.30 views

CVE-2024-7295

In Progress® Telerik® Report Server versions prior to 2024 Q4 10.3.24.1112, the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information...

7.1CVSS0.00106EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/13 3:22 p.m.12 views

CVE-2024-7295 Hard-coded credentials used for temporary and cache data encryption

In Progress® Telerik® Report Server versions prior to 2024 Q4 10.3.24.1112, the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information...

7.1CVSS6.6AI score0.00106EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/13 3:22 p.m.37 views

CVE-2024-7295 Hard-coded credentials used for temporary and cache data encryption

In Progress® Telerik® Report Server versions prior to 2024 Q4 10.3.24.1112, the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information...

7.1CVSS0.00106EPSS
Exploits0References1
CVE
CVE
added 2024/11/13 3:22 p.m.50 views

CVE-2024-7295

CVE-2024-7295 affects Progress Telerik Report Server and is tied to an encryption weakness in the local asset data protection. Versions prior to 2024 Q4 (10.3.24.1112) reportedly use an older encryption algorithm, which may allow a sophisticated actor to decrypt local asset data. The vulnerabilit...

7.1CVSS6.3AI score0.00106EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.5 views

PT-2024-38244 · Telerik · Telerik Report Server

Name of the Vulnerable Software and Affected Versions: In Progress Telerik Report Server versions prior to 2024 Q4 10.3.24.1112 Description: The encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. Recommendations: For versions...

7.1CVSS7.1AI score0.00106EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.4 views

Progress Telerik Report Server 信任管理问题漏洞

Progress Telerik Report Server is an enterprise-class report management and distribution solution from Progress, Inc. A trust management issue vulnerability exists in versions of Progress Telerik Report Server prior to 2024 Q4, which stems from an older algorithm used to encrypt local asset data,...

7.1CVSS6.4AI score0.00106EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/11/01 12:0 a.m.11 views

Progress Telerik Report Server <= 10.2.24.806 Insecure Type Resolution (CVE-2024-8015)

The version of Progress Telerik Report Server installed on the remote host is affected by an insecure type resolution vulnerability: - A remote code execution attack is possible through object injection via an insecure type resolution vulnerability. CVE-2024-8015 Note that Nessus has not tested f...

9.1CVSS6.4AI score0.00822EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/10/14 12:0 a.m.9 views

The vulnerability of Power BI report servers, related to the lack of protective measures for website structures, allows attackers to execute cross-site scripting attacks.

The vulnerability of the Power BI report server is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

6.8CVSS5.2AI score0.01855EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/10/11 12:0 a.m.90 views

Security Update for Microsoft Power BI Report Server (October 2024)

The Microsoft Power BI Report Server on the remote host is missing the October 2024 security update. It is, therefore, affected by a server spoofing vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

8.8CVSS5.4AI score0.01855EPSS
Exploits0References5
OSV
OSV
added 2024/10/09 3:15 p.m.2 views

CVE-2024-8015

In Progress Telerik Report Server versions prior to 2024 Q3 10.2.24.924, a remote code execution attack is possible through object injection via an insecure type resolution vulnerability...

7.2CVSS6.3AI score0.00822EPSS
Exploits0References1
NVD
NVD
added 2024/10/09 3:15 p.m.18 views

CVE-2024-8015

In Progress Telerik Report Server versions prior to 2024 Q3 10.2.24.924, a remote code execution attack is possible through object injection via an insecure type resolution vulnerability...

9.1CVSS0.00822EPSS
Exploits0References1
Rows per page
Query Builder