Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
Progress Software Corporation

Telerik Report Server

2 Versions 7 CVEs

Versions

1.0.0

SEMANTIC 5 CVEs

1.00

MAJOR_MINOR 2 CVEs

Recent CVEs

CVE-2024-7295

In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.

HIGH Nov 13, 2024

CVE-2024-7292

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.

HIGH Oct 09, 2024

CVE-2024-7294

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.

HIGH Oct 09, 2024

CVE-2024-7293

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.

HIGH Oct 09, 2024

CVE-2024-4358

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.

CRITICAL May 29, 2024