Inedo
Products (3)
- 4 CVEs
- 3 CVEs
- 3 CVEs
Recent CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17086 | | Cri | 0.64 | 9.8 | 0.01 | | Dec 1, 2017 | Inedo Otter through 1.7.4 mishandles a "" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor. |
| CVE-2017-15607 | | Cri | 0.64 | 9.8 | 0.02 | | Dec 1, 2017 | Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. |
| CVE-2017-16521 | | Cri | 0.64 | 9.8 | 0.02 | | Nov 10, 2017 | In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used. |
| CVE-2017-16520 | | Hig | 0.49 | 7.5 | 0.01 | | Nov 11, 2017 | Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. |
| CVE-2017-14944 | | Hig | 0.49 | 7.5 | 0.01 | | Sep 30, 2017 | Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. |
| CVE-2025-47244 | | Hig | 0.48 | 7.3 | 0.00 | | May 3, 2025 | Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loop calling RestartWeb) or obtaining potentially sensitive information.… |
| CVE-2017-15608 | | Med | 0.42 | 6.5 | 0.00 | | Sep 26, 2018 | Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings. |
| CVE-2017-16761 | | Med | 0.40 | 6.1 | 0.01 | | Nov 10, 2017 | An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. |
| CVE-2017-16760 | | Med | 0.40 | 6.1 | 0.01 | | Nov 10, 2017 | Inedo BuildMaster before 5.8.2 has XSS. |
| CVE-2023-2288 | | | 0.00 | — | 0.18 | | May 30, 2023 | The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 using the phar:// stream wrapper. |