Vendor
Inedo
Products
3
CVEs
6
Across products
6
Status
Private
Products
3- 4 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
6| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-17086 | Cri | 0.64 | 9.8 | 0.01 | Dec 1, 2017 | Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor. | |
| CVE-2017-16521 | Cri | 0.64 | 9.8 | 0.01 | Nov 10, 2017 | In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used. | |
| CVE-2017-16520 | Hig | 0.49 | 7.5 | 0.00 | Nov 11, 2017 | Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. | |
| CVE-2017-14944 | Hig | 0.49 | 7.5 | 0.00 | Sep 30, 2017 | Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. | |
| CVE-2017-16761 | Med | 0.40 | 6.1 | 0.00 | Nov 10, 2017 | An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. | |
| CVE-2017-16760 | Med | 0.40 | 6.1 | 0.00 | Nov 10, 2017 | Inedo BuildMaster before 5.8.2 has XSS. |