The NCSC was recently recognised by MITRE, the competent independent US organisation, as a CVE Numbering Authority on 29 September 2021. In this role, the NCSC is responsible for preparing and publishing information about the vulnerabilities reported to it and the associated CVE records. This means that the NCSC is not only the official contact point for reporting security vulnerabilities in Switzerland, but also maintains their CVE IDs for international exchange.
Vulnerabilities / CVE
Multi Factor Authentication Bypass in various versions of Abacus ERP
Published: 19. April 2022
Severity: 8.1 HIGH
Insecure EBICS messages encryption implementation in ebics-java/ebics-java-client could allow an adjacent attacker to decrypt EBICS payloads
Published: 14. April 2022
Severity: 6.5 MEDIUM
Novel attack against the Combined Charging System (CCS) in electric vehicles to remotely cause a denial of service
Published: 12. April 2022
Severity: 4.6 MEDIUM
Reflected XSS in Archivista DMS
Published: 15. March 2022
Severity: 6.1 MEDIUM
Reflected XSS in the search functionality of AlCoda NetBiblio WebOPAC
Published: 14. January 2022
Severity: 6.1 MEDIUM
MITRE: CVE-2021-42551
Attacker with privileges to edit configuration files is able to execute code through JNDI lookup, logback
Published: 16. December 2021
Severity: 6.6 MEDIUM
Reflected XSS in the search functionality of WordPress, WP Cloud Plugins Use-Your-Drive
Published: 13. December 2021
Severity: 4.7 MEDIUM
Reflected XSS in the search functionality of WordPress, WP Cloud Plugins Out-of-the-Box
Published: 13. December 2021
Severity: 4.7 MEDIUM
Reflected XSS in the search functionality of WordPress, WP Cloud Plugins Share-one-Drive
Published: 13. December 2021
Severity: 4.7 MEDIUM
Reflected XSS in the search functionality of WordPress, WP Cloud Plugins Lets-Box
Published: 13. December 2021
Severity: 4.7 MEDIUM
Missing HTTPOnly flag on sensitive cookie in TopEase
Published: 30. November 2021
Severity: 8.1 - high
MITRE: CVE-2021-42115
Unauthorized Menu Item Access in TopEase
Published: 30. November 2021
Severity: 4.3 - medium
MITRE: CVE-2021-42116
UI Redressing in TopEase
Published: 30. November 2021
Severity: 3.5 - low
MITRE: CVE-2021-42117
Stored XSS in TopEase
Published: 30. November 2021
Severity: 8.1 - high
MITRE: CVE-2021-42118
Stored XSS in Search Function in TopEase
Published: 30. November 2021
Severity: 7.3 - high
MITRE: CVE-2021-42119
Missing Character Length (Denial of Service) in TopEase
Published: 30. November 2021
Severity: 6.5 - medium
MITRE: CVE-2021-42120
Denial of Service via Invalid Date Format in TopEase
Published: 30. November 2021
Severity: 4.3 - medium
MITRE: CVE-2021-42121
Denial of Service via Invalid Object Attribute in TopEase
Published: 30. November 2021
Severity: 4.3 - medium
MITRE: CVE-2021-42122
Missing Upload Filter in TopEase
Published: 30. November 2021
Severity: 7.3 - high
MITRE: CVE-2021-42123
Lack of Rate limiting in Authentication in TopEase
Published: 30. November 2021
Severity: 7.5 - high
MITRE: CVE-2021-42144
Insufficient Session Expiration in TopEase
Published: 30. November 2021
Severity: 8.1 - high
MITRE: CVE-2021-42145
Blacksmith, Scalable Rowhammering In the Frequency Domain to Bypass TRR Mitigations On Modern DDR4/LPDDR4X Devices
Published: 15. November 2021
Severity: 9.0 - critical
Last modification 19.04.2022