The NCSC was recently recognised by the competent independent US organisation, MITRE as a CVE Numbering Authority on 29 September 2021. In this role, the NCSC is responsible for preparing and publishing information about the vulnerabilities reported to it and the associated CVE records. This means that the NCSC is not only the official contact point for reporting security vulnerabilities in Switzerland, but also maintains their CVE IDs for international exchange.
Vulnerabilities / CVE
Weak Access Control between Domains in Wing FTP Server <= 7.2.0
Published: 12. September 2023
Severity: 4.9 Medium
Exposed Session Variable in Wing FTP Server <= 7.2.0
Published: 12. September 2023
Severity: 6.5 Medium
Insecure Default Permissions in Wing FTP Server <= 7.2.0
Published: 12. September 2023
Severity: 6.1 Medium
Cross-Site Scripting Vulnerability in Wing FTP Server <= 7.2.0
Published: 12. September 2023
Severity: 3.0 Low
Reflected XSS in BKG Ntrip Professional Caster version <=2.0.44
Published: 28. June 2023
Severity: 4.7 Medium
Yellowbrik PEC-1864 authentication bypass
Published: 06. April 2023
Severity : 9.8 Critical
Unauthenticated RCE affecting the AcyMailing plugin for Joomla
Published: 30. March 2023
Severity : 9.8 Critical
Missing access control affecting the AcyMailing plugin for Joomla
Published: 30. March 2023
Severity : 6.5 Medium
Stored XSS affecting the AcyMailing plugin for Joomla
Published: 30. March 2023
Severity : 7.2 High
Hard coded credentials in elvexys ISOS firmwares
Published: 28. December 2022
Severity : 4.5 Medium
Authentication bypass in elvexys StreamX using StreamView HTML component with public web server feature
Published: 28. December 2022
Severity : 7.5 High
Path traversal in elvexys StreamX using StreamView HTML component with public web server feature
Published: 28. December 2022
Severity : 6.5 Medium
STM32 USB Host Library Buffer Overflow
Published: 21. October 2022
Severity : 6.8 Medium
Response body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range
Published: 20. September 2022
Severity : 7.5 HIGH
Response body bypass in OWASP ModSecurity Core Rule Set via a specialy crafted charset in the HTTP Accept header
Published: 20. September 2022
Severity : 7.3 HIGH
Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header
Published: 20. September 2022
Severity : 7.3 HIGH
Partial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header
Published: 20. September 2022
Severity : 7.3 HIGH
Retbleed, Arbitrary Memory Disclosure through CPU Side-Channel Attacks
Published: 12. July 2022
Severity : 5.6 MEDIUM
Multi Factor Authentication Bypass in various versions of Abacus ERP
Published: 19. April 2022
Severity : 8.1 HIGH
Insecure EBICS messages encryption implementation in ebics-java/ebics-java-client could allow an adjacent attacker to decrypt EBICS payloads
Published: 14. April 2022
Severity : 6.5 MEDIUM
Novel attack against the Combined Charging System (CCS) in electric vehicles to remotely cause a denial of service
Published: 12. April 2022
Severity : 4.6 MEDIUM
Reflected XSS in Archivista DMS
Published: 15. March 2022
Severity: 6.1 MEDIUM
Reflected XSS in the search the functionality of AlCoda NetBiblio WebOPAC
Published: 14. January 2022
Severity: 6.1 MEDIUM
MITRE: CVE-2021-42551
Attacker with privileges to edit configuration files is able to execute code through JNDI lookup, logback
Published: 16. December 2021
Severity: 6.6 MEDIUM
Reflected XSS in search the functionality of Wordpress, WP Cloud Plugins Use-Your-Drive
Published: 13. Dezember 2021
Severity: 4.7 MEDIUM
Reflected XSS in search the functionality of Wordpress, WP Cloud Plugins Out-of-the-Box
Published: 13. Dezember 2021
Severity: 4.7 MEDIUM
Reflected XSS in search the functionality of Wordpress, WP Cloud Plugins Share-one-Drive
Published: 13. Dezember 2021
Severity: 4.7 MEDIUM
Reflected XSS in search the functionality of Wordpress, WP Cloud Plugins Lets-Box
Published: 13. Dezember 2021
Severity: 4.7 MEDIUM
Missing HTTPOnly flag on sensitive cookie in TopEase
Published: 30. November 2021
Severity: 8.1 - high
MITRE: CVE-2021-42115
Unauthorized Menu Item Access in TopEase
Published: 30. November 2021
Severity: 4.3 - medium
MITRE: CVE-2021-42116
UI Redressing in TopEase
Published: 30. November 2021
Severity: 3.5 - low
MITRE: CVE-2021-42117
Stored XSS in TopEase
Published: 30. November 2021
Severity: 8.1 - high
MITRE: CVE-2021-42118
Stored XSS in Search Function in TopEase
Published: 30. November 2021
Severity: 7.3 - high
MITRE: CVE-2021-42119
Missing Character Length (Denial of Service) in TopEase
Published: 30. November 2021
Severity: 6.5 - medium
MITRE: CVE-2021-42120
Denial of Service via Invalid Date Format in TopEase
Published: 30. November 2021
Severity: 4.3 - medium
MITRE: CVE-2021-42121
Denial of Service via Invalid Object Attribute in TopEase
Published: 30. November 2021
Severity: 4.3 - medium
MITRE: CVE-2021-42122
Missing Upload Filter in TopEase
Published: 30. November 2021
Severity: 7.3 - high
MITRE: CVE-2021-42123
Lack of Rate limiting in Authentication in TopEase
Published: 30. November 2021
Severity: 7.5 - high
MITRE: CVE-2021-42144
Insufficient Session Expiration in TopEase
Published: 30. November 2021
Severity: 8.1 - high
MITRE: CVE-2021-42145
Blacksmith, Scalable Rowhammering In the Frequency Domain to Bypass TRR Mitigations On Modern DDR4/LPDDR4X Devices
Published: 15. November 2021
Severity: 9.0 - critical
Last modification 12.09.2023
