CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8015 – Telerik Report Server Insecure Type Resolution
https://notcve.org/view.php?id=CVE-2024-8015
09 Oct 2024 — In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. • https://docs.telerik.com/report-server/knowledge-base/insecure-type-resolution-cve-2024-8015 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2024-6096 – Unsafe Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-6096
24 Jul 2024 — In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. • https://docs.telerik.com/reporting/knowledge-base/unsafe-reflection-CVE-2024-6096 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4200 – Progress Telerik Reporting Local Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-4200
15 May 2024 — In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. En las versiones de Progress® Telerik® Reporting anteriores al segundo trimestre de 2024 (18.1.24.2.514), un actor de amenazas local puede realizar un ataque de ejecución de código a través de una vulnerabilidad de deserialización insegura. • https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-4200 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4202 – Progress Telerik Reporting Local Instantiation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4202
15 May 2024 — In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. En las versiones de Progress® Telerik® Reporting anteriores al segundo trimestre de 2024 (18.1.24.514), es posible un ataque de ejecución de código a través de una vulnerabilidad de instanciación insegura. • https://docs.telerik.com/reporting/knowledge-base/instantiation-vulnerability-cve-2024-4202 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1856 – Progress Telerik Reporting Remote Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-1856
20 Mar 2024 — In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Telerik Reporting. Authentication is required to exploit this vulnerability. The specific flaw exists within the ObjectReader class. The issue results from the lack of proper validation of user-supplied data, wh... • https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-1801-cve-2024-1856 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1801 – Progress Telerik Reporting Local Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-1801
20 Mar 2024 — In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Telerik Reporting. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ObjectReader class. The i... • https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-1801-cve-2024-1856 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0832 – Privilege Elevation via Telerik Reporting Installer
https://notcve.org/view.php?id=CVE-2024-0832
31 Jan 2024 — In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. En las versiones de Telerik Reporting anteriores a 2024 R1, se identificó una vulnerabilidad de elevación de privilegios en el componente del instalad... • https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 5%CPEs: 2EXPL: 0CVE-2017-9140
https://notcve.org/view.php?id=CVE-2017-9140
22 May 2017 — Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. Fue encontrada una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el archivo Telerik.ReportViewer.WebForms.dll en Telerik Reporting para el control Report Viewer de ASP.NET WebForms anterior a R1 2017 SP2 versión ... • http://www.telerik.com/support/whats-new/reporting/release-history/telerik-reporting-r1-2017-sp2-%28version-11-0-17-406%29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •