Vulnerabilities > Misp

DATE CVE VULNERABILITY TITLE RISK
2020-02-12 CVE-2020-8892 Unspecified vulnerability in Misp
An issue was discovered in MISP before 2.4.121.
network
misp
6.8
2020-02-12 CVE-2020-8891 Unspecified vulnerability in Misp
An issue was discovered in MISP before 2.4.121.
network
misp
4.3
2020-02-12 CVE-2020-8890 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Misp
An issue was discovered in MISP before 2.4.121.
network
misp CWE-367
4.3
2019-11-28 CVE-2019-19379 Unspecified vulnerability in Misp 2.4.118
In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data.
network
low complexity
misp
5.0
2019-09-10 CVE-2019-16202 Improper Privilege Management vulnerability in Misp
MISP before 2.4.115 allows privilege escalation in certain situations.
network
low complexity
misp CWE-269
4.0
2019-07-27 CVE-2019-14286 Cross-site Scripting vulnerability in Misp 2.4.111
In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view.
network
misp CWE-79
4.3
2019-06-18 CVE-2019-12868 Deserialization of Untrusted Data vulnerability in Misp 2.4.109
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.
network
low complexity
misp CWE-502
7.2
2019-06-11 CVE-2019-12794 Improper Privilege Management vulnerability in Misp 2.4.108
An issue was discovered in MISP 2.4.108.
network
misp CWE-269
6.0
2019-05-08 CVE-2019-11814 Cross-site Scripting vulnerability in Misp
An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107.
network
misp CWE-79
4.3
2019-05-08 CVE-2019-11813 Cross-site Scripting vulnerability in Misp
An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107.
network
misp CWE-79
4.3