Filtered by vendor Inedo
Subscribe
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15608 | 1 Inedo | 1 Proget | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings. | |||||
| CVE-2017-14944 | 1 Inedo | 1 Proget | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. | |||||
| CVE-2017-16520 | 1 Inedo | 1 Buildmaster | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. | |||||
| CVE-2017-15607 | 1 Inedo | 1 Otter | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. | |||||
| CVE-2017-16521 | 1 Inedo | 1 Buildmaster | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used. | |||||
| CVE-2017-16760 | 1 Inedo | 1 Buildmaster | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Inedo BuildMaster before 5.8.2 has XSS. | |||||
| CVE-2017-17086 | 1 Inedo | 1 Otter | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor. | |||||
| CVE-2017-16761 | 1 Inedo | 1 Buildmaster | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. | |||||