CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8316 – Progress UI for WPF format provider unsafe deserialization vulnerability
https://notcve.org/view.php?id=CVE-2024-8316
25 Sep 2024 — In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. • https://docs.telerik.com/devtools/wpf/knowledge-base/unsafe-deserialization-cve-2024-8316 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7576 – Progress UI for WPF format provider unsafe deserialization vulnerability
https://notcve.org/view.php?id=CVE-2024-7576
25 Sep 2024 — In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. • https://docs.telerik.com/devtools/wpf/knowledge-base/unsafe-deserialization-cve-2024-7576 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7575 – Improper neutralization special element in hyperlinks
https://notcve.org/view.php?id=CVE-2024-7575
25 Sep 2024 — In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. • https://docs.telerik.com/devtools/wpf/knowledge-base/command-injection-cve-2024-7575 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7679 – Improper neutralization special element in hyperlinks
https://notcve.org/view.php?id=CVE-2024-7679
25 Sep 2024 — In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. • https://docs.telerik.com/devtools/winforms/knowledge-base/command-injection-cve-2024-7679 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •