Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-48328
app/Controller/Component/IndexFilterComponent.php in MISP prior to 2.4.167 mishandles ordered_url_params and additional_delimiters.
Misp Misp
NA
CVE-2022-48329
MISP prior to 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.
Misp Misp
4.3
CVSSv2
CVE-2019-10254
In MISP prior to 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability.
Misp Misp
7.5
CVSSv2
CVE-2021-41326
In MISP prior to 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.
Misp Misp
1 Github repository
7.5
CVSSv2
CVE-2020-29006
MISP prior to 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.
Misp Misp
3.5
CVSSv2
CVE-2022-29532
An issue exists in MISP prior to 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it.
Misp Misp
4
CVSSv2
CVE-2019-16202
MISP prior to 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of M...
Misp Misp
5
CVSSv2
CVE-2020-28043
MISP up to and including 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.
Misp Misp
4.3
CVSSv2
CVE-2017-13671
app/View/Helper/CommandHelper.php in MISP prior to 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.
Misp Misp
4.3
CVSSv2
CVE-2020-8890
An issue exists in MISP prior to 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.
Misp Misp
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »