Filtered by vendor Progress
Subscribe
Total
205 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34362 | 1 Progress | 2 Moveit Cloud, Moveit Transfer | 2024-12-20 | N/A | 9.8 CRITICAL |
| In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions. | |||||
| CVE-2024-1636 | 1 Progress | 1 Sitefinity | 2024-12-16 | N/A | 5.4 MEDIUM |
| Potential Cross-Site Scripting (XSS) in the page editing area. | |||||
| CVE-2024-1632 | 1 Progress | 1 Sitefinity | 2024-12-16 | N/A | 6.5 MEDIUM |
| Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area. | |||||
| CVE-2024-46907 | 1 Progress | 1 Whatsup Gold | 2024-12-10 | N/A | 8.8 HIGH |
| In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | |||||
| CVE-2024-46908 | 1 Progress | 1 Whatsup Gold | 2024-12-10 | N/A | 8.8 HIGH |
| In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | |||||
| CVE-2024-46909 | 1 Progress | 1 Whatsup Gold | 2024-12-10 | N/A | 9.8 CRITICAL |
| In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. | |||||
| CVE-2024-8785 | 1 Progress | 1 Whatsup Gold | 2024-12-09 | N/A | 5.3 MEDIUM |
| In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. | |||||
| CVE-2024-4562 | 1 Progress | 1 Whatsup Gold | 2024-12-09 | N/A | 5.4 MEDIUM |
| In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality. Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery. | |||||
| CVE-2024-4561 | 1 Progress | 1 Whatsup Gold | 2024-12-09 | N/A | 5.3 MEDIUM |
| In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server. | |||||
| CVE-2024-46906 | 1 Progress | 1 Whatsup Gold | 2024-12-06 | N/A | 8.8 HIGH |
| In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | |||||
| CVE-2024-46905 | 1 Progress | 1 Whatsup Gold | 2024-12-03 | N/A | 8.8 HIGH |
| In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account. | |||||
| CVE-2024-8049 | 1 Progress | 1 Telerik Document Processing Libraries | 2024-11-18 | N/A | 6.5 MEDIUM |
| In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable. | |||||
| CVE-2024-7295 | 1 Progress | 1 Telerik Report Server | 2024-11-18 | N/A | 6.2 MEDIUM |
| In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. | |||||
| CVE-2024-7763 | 1 Progress | 1 Whatsup Gold | 2024-10-30 | N/A | 7.5 HIGH |
| In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. | |||||
| CVE-2024-0833 | 1 Progress | 1 Telerik Test Studio | 2024-10-17 | N/A | 7.8 HIGH |
| In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. | |||||
| CVE-2023-6595 | 1 Progress | 1 Whatsup Gold | 2024-10-16 | N/A | 5.3 MEDIUM |
| In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold. | |||||
| CVE-2023-6368 | 1 Progress | 1 Whatsup Gold | 2024-10-16 | N/A | 5.3 MEDIUM |
| In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold. | |||||
| CVE-2024-8048 | 1 Progress | 1 Telerik Reporting | 2024-10-15 | N/A | 7.8 HIGH |
| In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. | |||||
| CVE-2024-8015 | 1 Progress | 1 Telerik Report Server | 2024-10-15 | N/A | 7.2 HIGH |
| In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. | |||||
| CVE-2024-8014 | 1 Progress | 1 Telerik Reporting | 2024-10-15 | N/A | 8.8 HIGH |
| In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. | |||||