Progress Telerik_reporting
14 CVEs affecting Progress Telerik_reporting. Latest disclosed: 2025-02-12. Critical: 0, High: 11.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-8014 | High | 8.8 | 2024-10-09 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolu… |
CVE-2024-6096 | High | 8.8 | 2024-07-24 | In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vul… |
CVE-2024-1856 | High | 8.5 | 2024-03-20 | In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure dese… |
CVE-2024-8048 | High | 7.8 | 2024-10-09 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evalu… |
CVE-2024-7840 | High | 7.8 | 2024-10-09 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elem… |
CVE-2024-0832 | High | 7.8 | 2024-01-31 | In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environ… |
CVE-2024-4202 | High | 7.7 | 2024-05-15 | In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. |
CVE-2024-4200 | High | 7.7 | 2024-05-15 | In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure dese… |
CVE-2024-1801 | High | 7.7 | 2024-03-20 | In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deser… |
CVE-2024-7294 | High | 7.5 | 2024-10-09 | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. |
CVE-2024-7293 | High | 7.5 | 2024-10-09 | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. |
CVE-2024-4357 | Medium | 6.5 | 2024-05-15 | An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to re… |
CVE-2017-9140 | Medium | 6.1 | 2017-05-22 | Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP… |
CVE-2024-6097 | Medium | 5.3 | 2025-02-12 | In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vu… |