Eingegangene Meldungen

Das NCSC, heute BACS, wurde am 29. September 2021 von der unabhängigen US-Organisation MITRE neu als Autorisierungsstelle und damit zur Vergabe von CVE-Nummern anerkannt. In dieser Rolle ist das BACS zuständig für die Erstellung und Veröffentlichung von Informationen über die ihm gemeldeten Schwachstellen und der zugehörigen CVE-Einträge. Das BACS ist damit nicht nur offizielle Anlaufstelle zum Melden von Sicherheitslücken in der Schweiz, sondern führt auch deren CVE-Nummern für den internationalen Austausch.

Gemeldete Schwachstellen / CVE

CVE-2024-8602: XML Eternal Entity Attack in the Software Library taxstatement.jar

Published: 14 October 2024
Severity: Medium 4.4

MITRE: CVE-2024-8602

CVE-2024-6203: HaloITSM - Password Reset Poisoning

Published: 06 August 2024
Severity: High 8.3

MITRE: CVE-2024-6203

CVE-2024-6202: HaloITSM - SAML XML Signature Wrapping (XSW)

Published: 06 August 2024
Severity: Critical 9.8

MITRE: CVE-2024-6202

CVE-2024-6201: HaloITSM - Emailing Template Injection

Published: 06 August 2024
Severity: Medium 5.3

MITRE: CVE-2024-6201

CVE-2024-6200: HaloITSM - Stored Cross-Site Scripting in Tickets

Published: 06 August 2024
Severity: High 8.0

MITRE: CVE-2024-6200

Bludit - Insecure Token Generation

Published: 24 June 2024
Severity: Medium 6.0

MITRE: CVE-2024-24554

Bludit uses SHA1 as Password Hashing Algorithm

Published: 24 June 2024
Severity: Medium 5.9

MITRE: CVE-2024-24553

Bludit is Vulnerable to Session Fixation

Published: 24 June 2024
Severity: Medium 5.6

MITRE: CVE-2024-24552

Bludit - Remote Code Exection (RCE) through Image API

Published: 24 June 2024
Severity: High 8.9

MITRE: CVE-2024-24551

Bludit - Remote Code Exection (RCE) through File API

Published: 24 June 2024
Severity: High 8.9

MITRE: CVE-2024-24550

Improper Access Control Leads to Server-Side Request Forgery in Mautic

Published: 10 April 2024
Severity: MEDIUM 5.0

MITRE: CVE-2024-3448

Improper Access Control Issues Lead to Sensitive Data Exposure in Mautic

Published: 10 April 2024
Severity: MEDIUM 5.4

MITRE: CVE-2024-2731

Predictable Page Indexing Might Lead to Sensitive Data Exposure in Mautic

Published: 10 April 2024
Severity: MEDIUM 5.3

MITRE: CVE-2024-2730

Authenticated Remote Code Execution in Kiloview NDI N series products

Published: 21 March 2024
Severity: High 8.8

MITRE: CVE-2024-2162

Use of Hard-coded Credentials in Kiloview NDI N series products API middleware

Published: 21 March 2024
Severity: Critical 9.1

MITRE: CVE-2024-2161

WAF bypass of the ModSecurity v3 release line

Published: 30 January 2024
Severity: High 8.6

MITRE: CVE-2024-1019

Command Execution trough Serial Interface of u-blox TOBY-L2

Published: 20 December 2023
Severity: High 7.6

MITRE: CVE-2023-0011

Logback "receiver" DOS vulnerability CVE-2023-6378 incomplete fix

Published: 04. December 2023
Severity: 7.1 High

MITRE: CVE-2023-6481

Logback "receiver" DOS vulnerability

Published: 21 November 2023
Severity 7.1 High

MITRE: CVE-2023-6378

Weak Access Control between Domains in Wing FTP Server <= 7.2.0

Published: 12. September 2023
Severity: 4.9 Medium

MITRE: CVE-2023-37881

Exposed Session Variable in Wing FTP Server <= 7.2.0

Published: 12. September 2023
Severity: 6.5 Medium

MITRE: CVE-2023-37879 

Insecure Default Permissions in Wing FTP Server <= 7.2.0

Published: 12. September 2023
Severity: 6.1 Medium

MITRE: CVE-2023-37878

Cross-Site Scripting Vulnerability in Wing FTP Server <= 7.2.0

Published: 12. September 2023
Severity: 3.0 Low

MITRE: CVE-2023-37875

Reflected XSS in BKG Ntrip Professional Caster version <=2.0.44

Published: 28. June 2023
Severity: 4.7 Medium

MITRE: CVE-2023-3034

Yellowbrik PEC-1864 authentication bypass

Published: 06. April 2023
Severity : 9.8 Critical

MITRE: CVE-2023-0750

Unauthenticated RCE affecting the AcyMailing plugin for Joomla

Published: 30. March 2023
Severity : 9.8 Critical

MITRE: CVE-2023-28731

Missing access control affecting the AcyMailing plugin for Joomla

Published: 30. March 2023
Severity : 6.5 Medium

MITRE: CVE-2023-28732

Stored XSS affecting the AcyMailing plugin for Joomla

Published: 30. March 2023
Severity : 7.2 High

MITRE: CVE-2023-28733

Hard coded credentials in elvexys ISOS firmwares

Published: 28. December 2022
Severity : 4.5 Medium

MITRE: CVE-2022-4780

Authentication bypass in elvexys StreamX using StreamView HTML component with public web server feature

Published: 28. December 2022
Severity : 7.5 High

MITRE: CVE-2022-4779

Path traversal in elvexys StreamX using StreamView HTML component with public web server feature

Published: 28. December 2022
Severity : 6.5 Medium

MITRE: CVE-2022-4778

STM32 USB Host Library Buffer Overflow

Published: 21. October 2022
Severity : 6.8 Medium

MITRE: CVE-2021-42553

Response body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range

Published: 20. September 2022
Severity : 7.5 HIGH

MITRE: CVE-2022-39958

Response body bypass in OWASP ModSecurity Core Rule Set via a specialy crafted charset in the HTTP Accept header

Published: 20. September 2022
Severity : 7.3 HIGH

MITRE: CVE-2022-39957

Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header

Published: 20. September 2022
Severity : 7.3 HIGH

MITRE: CVE-2022-39956

Partial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header

Published: 20. September 2022
Severity : 7.3 HIGH

MITRE: CVE-2022-39955

Multi Factor Authentication Bypass in various versions of Abacus ERP

Published: 19. April 2022
Severity : 8.1 HIGH

MITRE: CVE-2022-1065

Insecure EBICS messages encryption implementation in ebics-java/ebics-java-client could allow an adjacent attacker to decrypt EBICS payloads

Published: 14. April 2022
Severity : 6.5 MEDIUM

MITRE: CVE-2022-1279

Novel attack against the Combined Charging System (CCS) in electric vehicles to remotely cause a denial of service

Published: 12. April 2022
Severity : 4.6 MEDIUM

MITRE: CVE-2022-0878

Reflected XSS in the search the functionality of AlCoda NetBiblio WebOPAC

Published: 14. January 2022
Severity: 6.1 MEDIUM

MITRE: CVE-2021-42551

Attacker with privileges to edit configuration files is able to execute code through JNDI lookup, logback

Published: 16. December 2021
Severity: 6.6 MEDIUM

MITRE: CVE-2021-42550

Reflected XSS in search the functionality of Wordpress, WP Cloud Plugins Use-Your-Drive

Published: 13. Dezember 2021
Severity: 4.7 MEDIUM

MITRE: CVE-2021-42546

Reflected XSS in search the functionality of Wordpress, WP Cloud Plugins Out-of-the-Box

Published: 13. Dezember 2021
Severity: 4.7 MEDIUM

MITRE: CVE-2021-42547

Reflected XSS in search the functionality of Wordpress, WP Cloud Plugins Share-one-Drive

Published: 13. Dezember 2021
Severity: 4.7 MEDIUM

MITRE: CVE-2021-42548

Reflected XSS in search the functionality of Wordpress, WP Cloud Plugins Lets-Box

Published: 13. Dezember 2021
Severity: 4.7 MEDIUM

MITRE: CVE-2021-42549

Missing HTTPOnly flag on sensitive cookie in TopEase

Published: 30. November 2021
Severity: 8.1 - high

MITRE: CVE-2021-42115

Unauthorized Menu Item Access in TopEase

Published: 30. November 2021
Severity: 4.3 - medium

MITRE: CVE-2021-42116

UI Redressing in TopEase

Published: 30. November 2021
Severity: 3.5 - low

MITRE: CVE-2021-42117

Stored XSS in TopEase

Published: 30. November 2021
Severity: 8.1 - high

MITRE: CVE-2021-42118

Stored XSS in Search Function in TopEase

Published: 30. November 2021
Severity: 7.3 - high

MITRE: CVE-2021-42119

Missing Character Length (Denial of Service) in TopEase

Published: 30. November 2021
Severity: 6.5 - medium

MITRE: CVE-2021-42120

Denial of Service via Invalid Date Format in TopEase

Published: 30. November 2021
Severity: 4.3 - medium

MITRE: CVE-2021-42121

Denial of Service via Invalid Object Attribute in TopEase

Published: 30. November 2021
Severity: 4.3 - medium

MITRE: CVE-2021-42122

Missing Upload Filter in TopEase

Published: 30. November 2021
Severity: 7.3 - high

MITRE: CVE-2021-42123

Lack of Rate limiting in Authentication in TopEase

Published: 30. November 2021
Severity: 7.5 - high

MITRE: CVE-2021-42144

Insufficient Session Expiration in TopEase

Published: 30. November 2021
Severity: 8.1 - high

MITRE: CVE-2021-42145

Blacksmith, Scalable Rowhammering In the Frequency Domain to Bypass TRR Mitigations On Modern DDR4/LPDDR4X Devices

Published: 15. November 2021
Severity: 9.0 - critical

MITRE: CVE-2021-42114

Letzte Änderung 14.10.2024

Zum Seitenanfang

https://www.ncsc.admin.ch/content/ncsc/de/home/infos-fuer/infos-it-spezialisten/themen/schwachstelle-melden/advisories.html