Vulnerabilities > Inedo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-26 | CVE-2017-15608 | Cross-Site Request Forgery (CSRF) vulnerability in Inedo Proget Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings. | 6.5 |
| 2017-12-01 | CVE-2017-17086 | Improper Input Validation vulnerability in Inedo Otter Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor. | 9.8 |
| 2017-12-01 | CVE-2017-15607 | Path Traversal vulnerability in Inedo Otter Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. | 9.8 |
| 2017-11-11 | CVE-2017-16520 | Improper Privilege Management vulnerability in Inedo Buildmaster Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. | 7.5 |
| 2017-11-10 | CVE-2017-16761 | Open Redirect vulnerability in Inedo Buildmaster An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. | 6.1 |
| 2017-11-10 | CVE-2017-16760 | Cross-site Scripting vulnerability in Inedo Buildmaster Inedo BuildMaster before 5.8.2 has XSS. | 6.1 |
| 2017-11-10 | CVE-2017-16521 | Unspecified vulnerability in Inedo Buildmaster In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used. | 9.8 |
| 2017-09-30 | CVE-2017-14944 | Improper Input Validation vulnerability in Inedo Proget Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. | 7.5 |