Vulnerabilities (CVE)

Filtered by vendor Inedo Subscribe
Filtered by product Otter
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-17086 1 Inedo 1 Otter 2024-11-21 7.5 HIGH 9.8 CRITICAL
Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor.
CVE-2017-15607 1 Inedo 1 Otter 2024-11-21 7.5 HIGH 9.8 CRITICAL
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.