CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1758 – Progress Software Kemp LoadMaster mangle Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-1758
18 Mar 2025 — Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mangle executable. The issue results from the lack of proper validation of the length... • https://docs.progress.com/bundle/release-notes_loadmaster-7-2-61-1/page/Security-Updates.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56135 – Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
https://notcve.org/view.php?id=CVE-2024-56135
05 Feb 2025 — Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) • https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135 • CWE-20: Improper Input Validation •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56133 – Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
https://notcve.org/view.php?id=CVE-2024-56133
05 Feb 2025 — Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) • https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135 • CWE-20: Improper Input Validation •
CVSS: 8.4EPSS: 1%CPEs: 1EXPL: 0CVE-2024-8755 – Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
https://notcve.org/view.php?id=CVE-2024-8755
11 Oct 2024 — Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue ... • https://support.kemptechnologies.com/hc/en-us/articles/30297374715661-LoadMaster-Security-Vulnerability-CVE-2024-8755 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 12%CPEs: 1EXPL: 0CVE-2024-7591 – Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection
https://notcve.org/view.php?id=CVE-2024-7591
05 Sep 2024 — Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above • https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3544 – LoadMaster Hardcoded SSH Key
https://notcve.org/view.php?id=CVE-2024-3544
02 May 2024 — Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed. Los atacantes no autenticados pueden realizar acciones utilizando claves privadas SSH conociendo la dirección IP y teniendo acceso a la mis... • https://kemptechnologies.com • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3543 – LoadMaster Reversible Password Encryption Algorithm
https://notcve.org/view.php?id=CVE-2024-3543
02 May 2024 — Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system. El uso de un algoritmo de cifrado de contraseña reversible permite a los atacantes descifrar contraseñas. El atacante puede descifrar fácilmente la información confidencial y las credenciales robadas pueden usarse para acciones arbitrarias que corrompan el sistema. • https://kemptechnologies.com • CWE-257: Storing Passwords in a Recoverable Format •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2024-2449 – LoadMaster Cross-Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-2449
22 Mar 2024 — A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator. Se ha identificado una vulnerabilidad de Cross-Site Request Forgery en LoadMaster. Es posible que un actor m... • https://progress.com/loadmaster • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 60%CPEs: 4EXPL: 1CVE-2024-2448 – LoadMaster Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-2448
22 Mar 2024 — An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection. Se ha identificado una vulnerabilidad de inyección de comandos del sistema operativo en LoadMaster. Un usuario de UI autenticado con cualquier configuración de permisos puede inyectar comandos en un componente de UI usando un comando de shell, lo que resulta en la inyección de... • https://github.com/minj-ae/CVE-2024-24488 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 92%CPEs: 3EXPL: 5CVE-2024-1212 – Progress Kemp LoadMaster OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-1212
21 Feb 2024 — Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. Los atacantes remotos no autenticados pueden acceder al sistema a través de la interfaz de administración de LoadMaster, lo que permite la ejecución arbitraria de comandos del sistema. Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interfa... • https://packetstorm.news/files/id/178305 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •