Filtered by vendor Progress Subscriptions
Total 168 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2003-0485 1 Progress 1 4gl Compiler 2024-11-21 N/A
Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type.
CVE-2003-0449 1 Progress 1 Database 2024-11-21 N/A
Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent.
CVE-2002-0826 1 Progress 1 Ws Ftp Server 2024-11-21 N/A
Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command.
CVE-2001-1129 1 Progress 1 Progress 2024-11-21 N/A
Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable.
CVE-2001-1128 1 Progress 1 Progress 2024-11-21 N/A
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.
CVE-2001-1127 1 Progress 1 Progress 2024-11-21 N/A
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.
CVE-2001-1021 1 Progress 1 Ws Ftp Server 2024-11-21 N/A
Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD.
CVE-2000-0127 1 Progress 1 Webspeed 2024-11-21 N/A
The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll.
CVE-1999-1171 2 Ipswitch, Progress 2 Imail, Ws Ftp Server 2024-11-21 N/A
IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
CVE-1999-1170 2 Ipswitch, Progress 2 Imail, Ws Ftp Server 2024-11-21 N/A
IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
CVE-2024-8049 1 Progress 1 Telerik Document Processing Libraries 2024-11-18 6.5 Medium
In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable.
CVE-2024-7295 1 Progress 1 Telerik Report Server 2024-11-18 7.1 High
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.
CVE-2024-7763 1 Progress 1 Whatsup Gold 2024-10-30 9.8 Critical
In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.
CVE-2024-7292 2 Progress, Progress Software 2 Telerik Report Server, Telerik Report Server 2024-10-16 7.5 High
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.
CVE-2024-8048 2 Progress, Progress Software 2 Telerik Reporting, Telerik Reporting 2024-10-15 7.8 High
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.
CVE-2024-8015 2 Progress, Progress Software 2 Telerik Report Server, Telerik Reporting 2024-10-15 9.1 Critical
In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.
CVE-2024-8014 2 Progress, Progress Software 2 Telerik Reporting, Telerik Reporting 2024-10-15 8.8 High
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.
CVE-2024-7840 1 Progress 1 Telerik Reporting 2024-10-15 7.8 High
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.
CVE-2024-7294 1 Progress 2 Telerik Report Server, Telerik Reporting 2024-10-15 7.5 High
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.
CVE-2024-7293 1 Progress 2 Telerik Report Server, Telerik Reporting 2024-10-15 7.5 High
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.