VYPR
Vendor: Inedo

Products: 3
CVEs: 10
Across products: 10
Status: Private

Recent CVEs: 10
  • CVE-2017-17086 | Critical | Dec 1, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    Inedo Otter through 1.7.4 mishandles a "" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor.

  • CVE-2017-15607 | Critical | Dec 1, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.

  • CVE-2017-16521 | Critical | Nov 10, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used.

  • CVE-2017-16520 | High | Nov 11, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.

  • CVE-2017-14944 | High | Sep 30, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.

  • CVE-2025-47244 | High | May 3, 2025
    risk 0.48 | cvss 7.3 | epss 0.00

    Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loop calling RestartWeb) or obtaining potentially sensitive information.…

  • CVE-2017-15608 | Medium | Sep 26, 2018
    risk 0.42 | cvss 6.5 | epss 0.00

    Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.

  • CVE-2017-16761 | Medium | Nov 10, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.

  • CVE-2017-16760 | Medium | Nov 10, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    Inedo BuildMaster before 5.8.2 has XSS.

  • CVE-2023-2288 | May 30, 2023
    risk 0.00 | cvss n/a | epss 0.18

    The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 using the phar:// stream wrapper.