Vulnerabilities > Misp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-12 | CVE-2020-8892 | Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.121. network misp | 6.8 |
2020-02-12 | CVE-2020-8891 | Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.121. network misp | 4.3 |
2020-02-12 | CVE-2020-8890 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Misp An issue was discovered in MISP before 2.4.121. | 4.3 |
2019-11-28 | CVE-2019-19379 | Unspecified vulnerability in Misp 2.4.118 In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data. | 5.0 |
2019-09-10 | CVE-2019-16202 | Improper Privilege Management vulnerability in Misp MISP before 2.4.115 allows privilege escalation in certain situations. | 4.0 |
2019-07-27 | CVE-2019-14286 | Cross-site Scripting vulnerability in Misp 2.4.111 In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. | 4.3 |
2019-06-18 | CVE-2019-12868 | Deserialization of Untrusted Data vulnerability in Misp 2.4.109 app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization. | 7.2 |
2019-06-11 | CVE-2019-12794 | Improper Privilege Management vulnerability in Misp 2.4.108 An issue was discovered in MISP 2.4.108. | 6.0 |
2019-05-08 | CVE-2019-11814 | Cross-site Scripting vulnerability in Misp An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. | 4.3 |
2019-05-08 | CVE-2019-11813 | Cross-site Scripting vulnerability in Misp An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. | 4.3 |