21 matches found
EUVD-2024-43993
Malicious code in bioql PyPI...
Progress Telerik Report Server <= 10.2.24.924 Encryption Weakness (CVE-2024-7295)
The version of Progress Telerik Report Server installed on the remote host is affected by an encryption weakness vulnerability: - The encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. CVE-2024-7295 Note that Nessus has not...
CVE-2024-7295
In Progress® Telerik® Report Server versions prior to 2024 Q4 10.3.24.1112, the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information...
CVE-2024-7295
CVE-2024-7295 affects Progress Telerik Report Server and is tied to an encryption weakness in the local asset data protection. Versions prior to 2024 Q4 (10.3.24.1112) reportedly use an older encryption algorithm, which may allow a sophisticated actor to decrypt local asset data. The vulnerabilit...
Progress Telerik Report Server <= 10.2.24.806 Insecure Type Resolution (CVE-2024-8015)
The version of Progress Telerik Report Server installed on the remote host is affected by an insecure type resolution vulnerability: - A remote code execution attack is possible through object injection via an insecure type resolution vulnerability. CVE-2024-8015 Note that Nessus has not tested f...
CVE-2024-7294
In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, an HTTP DoS attack is possible on anonymous endpoints without rate limiting...
CVE-2024-7292 Account Controller allows high count of login attempts
In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, a credential stuffing attack is possible through improper restriction of excessive login attempts...
CVE-2024-7294 Uncontrolled resource consumption of anonymous endpoints
In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, an HTTP DoS attack is possible on anonymous endpoints without rate limiting...
CVE-2024-7293 Password policy for new users is not strong enough
In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, a password brute forcing attack is possible through weak password requirements...
CVE-2024-7293
Affected product: Progress Telerik Report Server. Vulnerability: Password brute forcing possible due to weak password requirements in versions prior to 2024 Q3 (10.2.24.806). Root cause / details: Weak password policy enables brute-force attempts; attack vector is network-based. Impact: High conf...
Progress Telerik Report Server Insecure Deserialization (CVE-2024-1800)
The version of Progress Telerik Report Server installed on the remote host is affected by an insecure deserialization vulnerability, as follows: - In Progress Telerik Report Server versions prior to 2024 Q1 10.0.24.130, a remote code execution attack is possible through an insecure deserializatio...
Progress Telerik Report Server Authentication Bypass (CVE-2024-4358)
The version of Progress Telerik Report Server installed on the remote host is affected by an authentication bypass vulnerability, as follows: - In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server...
CVE-2024-4358
In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability...
CVE-2024-4358 Registration Authentication Bypass Vulnerability
In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability...
CVE-2024-4837
In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability...
CVE-2024-4837
CVE-2024-4837 affects Progress Telerik Report Server (Progress) on IIS, with the 2024 Q1 release (10.0.24.305) or earlier vulnerable to a trust boundary violation that lets an unauthenticated attacker access restricted functionality. Connected sources identify the affected product, version range,...
CVE-2024-4837 Trust Boundary Violation Vulnerability
In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability...
CVE-2024-4357
Progress Telerik Report Server (versions 10.0.24.305 and earlier, i.e., 2024 Q1) suffers an XML External Entity Processing (XXE) information-disclosure vulnerability in the ValidateMetadaUri path. A low-privilege attacker could read system files; an authenticated context is required but may be by...
CVE-2024-4357 XML External Entity Processing Information Disclosure
An information disclosure vulnerability in Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, allows a low-privilege attacker to read system files via XML External Entity Processing...