Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Misp Subscribe
Filtered by product Misp

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29528 1 Misp 1 Misp 2023-12-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
CVE-2023-50918 1 Misp 1 Misp 2023-12-19 N/A 9.8 CRITICAL
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
CVE-2021-41326 1 Misp 1 Misp 2021-09-28 7.5 HIGH 9.8 CRITICAL
In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.
CVE-2021-39302 1 Misp 1 Misp 2021-08-23 6.8 MEDIUM 9.8 CRITICAL
MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.
CVE-2020-15411 1 Misp 1 Misp 2021-07-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader.
CVE-2021-35502 1 Misp 1 Misp 2021-07-01 7.5 HIGH 9.8 CRITICAL
app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.
CVE-2021-25323 1 Misp 1 Misp 2021-01-22 6.4 MEDIUM 9.1 CRITICAL
The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password.
CVE-2020-29006 1 Misp 1 Misp 2020-12-03 7.5 HIGH 9.8 CRITICAL
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.
CVE-2018-12649 1 Misp 1 Misp 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests.