On 29 September 2021, the NCSC was newly recognized by the independent US organization MITRE as an authorization body and thus authorized to assign CVE numbers. In this role, the NCSC is responsible for creating and publishing information about the vulnerabilities reported to it and the associated CVE entries. The NCSC is therefore not only the official point of contact for reporting security vulnerabilities in Switzerland, but also maintains their CVE numbers for international exchange.
Reported vulnerabilities / CVE
Weak Access Control between Domains in Wing FTP Server <= 7.2.0
Published: 12. September 2023
Severity: 4.9 Medium
Exposed Session Variable in Wing FTP Server <= 7.2.0
Published: 12. September 2023
Severity: 6.5 Medium
Insecure Default Permissions in Wing FTP Server <= 7.2.0
Published: 12. September 2023
Severity: 6.1 Medium
Cross-Site Scripting Vulnerability in Wing FTP Server <= 7.2.0
Published: 12. September 2023
Severity: 3.0 Low
Reflected XSS in BKG Ntrip Professional Caster version <=2.0.44
Published: 28. June 2023
Severity: 4.7 Medium
Yellowbrik PEC-1864 authentication bypass
Published: 06. April 2023
Severity: 9.8 Critical
Unauthenticated RCE affecting the AcyMailing plugin for Joomla
Published: 30. March 2023
Severity: 9.8 Critical
Missing access control affecting the AcyMailing plugin for Joomla
Published: 30. March 2023
Severity: 6.5 Medium
Stored XSS affecting the AcyMailing plugin for Joomla
Published: 30. March 2023
Severity: 7.2 High
Hard coded credentials in elvexys ISOS firmwares
Published: 28. December 2022
Severity: 4.5 Medium
Authentication bypass in elvexys StreamX using StreamView HTML component with public web server feature
Published: 28. December 2022
Severity: 7.5 High
Path traversal in elvexys StreamX using StreamView HTML component with public web server feature
Published: 28. December 2022
Severity: 6.5 Medium
STM32 USB Host Library Buffer Overflow
Published: 21. October 2022
Severity: 6.8 Medium
Response body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range
Published: 20. September 2022
Severity: 7.5 HIGH
Response body bypass in OWASP ModSecurity Core Rule Set via a specially crafted charset in the HTTP Accept header
Published: 20. September 2022
Severity: 7.3 HIGH
Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header
Published: 20. September 2022
Severity: 7.3 HIGH
Partial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header
Published: 20. September 2022
Severity: 7.3 HIGH
Retbleed, Arbitrary Memory Disclosure through CPU Side-Channel Attacks
Published: 12. July 2022
Severity: 5.6 MEDIUM
Multi Factor Authentication Bypass in various versions of Abacus ERP
Published: 19. April 2022
Severity: 8.1 HIGH
Insecure EBICS messages encryption implementation in ebics-java/ebics-java-client could allow an adjacent attacker to decrypt EBICS payloads
Published: 14. April 2022
Severity: 6.5 MEDIUM
Novel attack against the Combined Charging System (CCS) in electric vehicles to remotely cause a denial of service
Published: 12. April 2022
Severity: 4.6 MEDIUM
Reflected XSS in Archivista DMS
Published: 15. March 2022
Severity: 6.1 MEDIUM
Reflected XSS in the search functionality of AlCoda NetBiblio WebOPAC
Published: 14. January 2022
Severity: 6.1 MEDIUM
MITRE: CVE-2021-42551
Attacker with privileges to edit configuration files is able to execute code through JNDI lookup, logback
Published: 16. December 2021
Severity: 6.6 MEDIUM
Reflected XSS in the search functionality of WordPress, WP Cloud Plugins Use-Your-Drive
Published: 13. December 2021
Severity: 4.7 MEDIUM
Reflected XSS in the search functionality of WordPress, WP Cloud Plugins Out-of-the-Box
Published: 13. December 2021
Severity: 4.7 MEDIUM
Reflected XSS in the search functionality of WordPress, WP Cloud Plugins Share-one-Drive
Published: 13. December 2021
Severity: 4.7 MEDIUM
Reflected XSS in the search functionality of WordPress, WP Cloud Plugins Lets-Box
Published: 13. December 2021
Severity: 4.7 MEDIUM
Missing HTTPOnly flag on sensitive cookie in TopEase
Published: 30. November 2021
Severity: 8.1 - high
MITRE: CVE-2021-42115
Unauthorized Menu Item Access in TopEase
Published: 30. November 2021
Severity: 4.3 - medium
MITRE: CVE-2021-42116
UI Redressing in TopEase
Published: 30. November 2021
Severity: 3.5 - low
MITRE: CVE-2021-42117
Stored XSS in TopEase
Published: 30. November 2021
Severity: 8.1 - high
MITRE: CVE-2021-42118
Stored XSS in Search Function in TopEase
Published: 30. November 2021
Severity: 7.3 - high
MITRE: CVE-2021-42119
Missing Character Length (Denial of Service) in TopEase
Published: 30. November 2021
Severity: 6.5 - medium
MITRE: CVE-2021-42120
Denial of Service via Invalid Date Format in TopEase
Published: 30. November 2021
Severity: 4.3 - medium
MITRE: CVE-2021-42121
Denial of Service via Invalid Object Attribute in TopEase
Published: 30. November 2021
Severity: 4.3 - medium
MITRE: CVE-2021-42122
Missing Upload Filter in TopEase
Published: 30. November 2021
Severity: 7.3 - high
MITRE: CVE-2021-42123
Lack of Rate limiting in Authentication in TopEase
Published: 30. November 2021
Severity: 7.5 - high
MITRE: CVE-2021-42144
Insufficient Session Expiration in TopEase
Published: 30. November 2021
Severity: 8.1 - high
MITRE: CVE-2021-42145
Blacksmith, Scalable Rowhammering In the Frequency Domain to Bypass TRR Mitigations On Modern DDR4/LPDDR4X Devices
Published: 15. November 2021
Severity: 9.0 - critical
Last modified 12.09.2023