Process Software

All CVEs

23 total · sorted by risk
  • CVE-2015-9245 · Cri · Oct 31, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.

  • CVE-2014-8555 · Nov 12, 2014
    risk 0.04 · cvss · epss 0.07

    Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter.

  • CVE-2008-5120 · Nov 18, 2008
    risk 0.04 · cvss · epss 0.10

    Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string.

  • CVE-2007-2506 · May 4, 2007
    risk 0.03 · cvss · epss 0.04

    WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by…

  • CVE-2007-2417 · Jul 15, 2007
    risk 0.01 · cvss · epss 0.16

    Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via…

  • CVE-2026-2878 · Feb 25, 2026
    risk 0.00 · cvss · epss 0.00

    In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering.

  • CVE-2025-6505 · Jul 29, 2025
    risk 0.00 · cvss · epss 0.00

    Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to combine credentials from different sources, potentially leading to client impersonation and…

  • CVE-2025-6504 · Jul 29, 2025
    risk 0.00 · cvss · epss 0.00

    In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header.  Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a whitelisted range. This…

  • CVE-2025-3600 · May 14, 2025
    risk 0.00 · cvss · epss 0.19

    In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.

  • CVE-2024-8015 · Oct 9, 2024
    risk 0.00 · cvss · epss 0.01

    In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.

  • CVE-2024-7840 · Oct 9, 2024
    risk 0.00 · cvss · epss 0.01

    In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.

  • CVE-2024-8048 · Oct 9, 2024
    risk 0.00 · cvss · epss 0.00

    In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.

  • CVE-2024-8014 · Oct 9, 2024
    risk 0.00 · cvss · epss 0.01

    In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.

  • CVE-2024-7654 · Sep 3, 2024
    risk 0.00 · cvss · epss 0.00

    An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated.  Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it…

  • CVE-2024-6096 · Jul 24, 2024
    risk 0.00 · cvss · epss 0.01

    In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.

  • CVE-2024-4200 · May 15, 2024
    risk 0.00 · cvss · epss 0.00

    In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.

  • CVE-2024-4202 · May 15, 2024
    risk 0.00 · cvss · epss 0.00

    In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.

  • CVE-2024-1856 · Mar 20, 2024
    risk 0.00 · cvss · epss 0.01

    In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability.

  • CVE-2024-1801 · Mar 20, 2024
    risk 0.00 · cvss · epss 0.00

    In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.

  • CVE-2024-0832 · Jan 31, 2024
    risk 0.00 · cvss · epss 0.00

    In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the…

  • CVE-2024-0219 · Jan 31, 2024
    risk 0.00 · cvss · epss 0.00

    In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to…

  • CVE-2007-3491 · Jun 29, 2007
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message.

  • CVE-1999-0143 · Feb 21, 1996
    risk 0.00 · cvss · epss 0.00

    Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.