Annonces reçues

Nouvellement reconnu par l'organisation américaine compétente MITRE, le NCSC est habilité depuis le 29 septembre 2021 à attribuer des numéros CVE. Dans ce rôle, le NCSC est chargé de préparer et de publier les informations nécessaires sur les vulnérabilités qui lui sont signalées et les enregistrements CVE correspondants. Le NCSC est non seulement le service officiel auquel signaler les failles de sécurité en Suisse, mais il gère également les numéros CVE de ces dernières en vue des échanges internationaux.

Logback "receiver" DOS vulnerability

Published: 21 November 2023
Severity 7.1 High

MITRE: CVE-2023-6378

Weak Access Control between Domains in Wing FTP Server <= 7.2.0

Published: 12. September 2023
Severity: 4.9 Medium

MITRE: CVE-2023-37881

Exposed Session Variable in Wing FTP Server <= 7.2.0

Published: 12. September 2023
Severity: 6.5 Medium

MITRE: CVE-2023-37879 

Insecure Default Permissions in Wing FTP Server <= 7.2.0

Published: 12. September 2023
Severity: 6.1 Medium

MITRE: CVE-2023-37878

Cross-Site Scripting Vulnerability in Wing FTP Server <= 7.2.0

Published: 12. September 2023
Severity: 3.0 Low

MITRE: CVE-2023-37875

Reflected XSS in BKG Ntrip Professional Caster version <=2.0.44

Published: 28. June 2023
Severity: 4.7 Medium

MITRE: CVE-2023-3034

Yellowbrik PEC-1864 authentication bypass

Published: 06. April 2023
Severity : 9.8 Critical

MITRE: CVE-2023-0750

Unauthenticated RCE affecting the AcyMailing plugin for Joomla

Published: 30. March 2023
Severity : 9.8 Critical

MITRE: CVE-2023-28731

Missing access control affecting the AcyMailing plugin for Joomla

Published: 30. March 2023
Severity : 6.5 Medium

MITRE: CVE-2023-28732

Stored XSS affecting the AcyMailing plugin for Joomla

Published: 30. March 2023
Severity : 7.2 High

MITRE: CVE-2023-28733

Hard coded credentials in elvexys ISOS firmwares

Published: 28. December 2022
Severity : 4.5 Medium

MITRE: CVE-2022-4780

Authentication bypass in elvexys StreamX using StreamView HTML component with public web server feature

Published: 28. December 2022
Severity : 7.5 High

MITRE: CVE-2022-4779

Path traversal in elvexys StreamX using StreamView HTML component with public web server feature

Published: 28. December 2022
Severity : 6.5 Medium

MITRE: CVE-2022-4778

STM32 USB Host Library Buffer Overflow

Published: 21. October 2022
Severity : 6.8 Medium

MITRE: CVE-2021-42553

Response body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range

Published: 20. September 2022
Severity : 7.5 HIGH

MITRE: CVE-2022-39958

Response body bypass in OWASP ModSecurity Core Rule Set via a specialy crafted charset in the HTTP Accept header

Published: 20. September 2022
Severity : 7.3 HIGH

MITRE: CVE-2022-39957

Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header

Published: 20. September 2022
Severity : 7.3 HIGH

MITRE: CVE-2022-39956

Partial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header

Published: 20. September 2022
Severity : 7.3 HIGH

MITRE: CVE-2022-39955

Retbleed, Arbitrary Memory Disclosure through CPU Side-Channel Attacks

Published: 12. July 2022
Severity : 5.6 MEDIUM

MITRE: CVE-2022-29900
MITRE: CVE-2022-29901

Multi Factor Authentication Bypass in various versions of Abacus ERP

Published: 19. April 2022
Severity : 8.1 HIGH

MITRE: CVE-2022-1065

Insecure EBICS messages encryption implementation in ebics-java/ebics-java-client could allow an adjacent attacker to decrypt EBICS payloads

Published: 14. April 2022
Severity : 6.5 MEDIUM

MITRE: CVE-2022-1279

Novel attack against the Combined Charging System (CCS) in electric vehicles to remotely cause a denial of service

Published: 12. April 2022
Severity : 4.6 MEDIUM

MITRE: CVE-2022-0878

Reflected XSS in Archivista DMS

Published: 15. March 2022
Severity: 6.1 MEDIUM

MITRE: CVE-2021-42552

Reflected XSS in the search the functionality of AlCoda NetBiblio WebOPAC

Published: 14. January 2022
Severity: 6.1 MEDIUM

MITRE: CVE-2021-42551

Attacker with privileges to edit configuration files is able to execute code through JNDI lookup, logback

Published: 16. December 2021
Severity: 6.6 MEDIUM

MITRE: CVE-2021-42550

Reflected XSS in search the functionality of Wordpress, WP Cloud Plugins Use-Your-Drive

Published: 13. Dezember 2021
Severity: 4.7 MEDIUM

MITRE: CVE-2021-42546

Reflected XSS in search the functionality of Wordpress, WP Cloud Plugins Out-of-the-Box

Published: 13. Dezember 2021
Severity: 4.7 MEDIUM

MITRE: CVE-2021-42547

Reflected XSS in search the functionality of Wordpress, WP Cloud Plugins Share-one-Drive

Published: 13. Dezember 2021
Severity: 4.7 MEDIUM

MITRE: CVE-2021-42548

Reflected XSS in search the functionality of Wordpress, WP Cloud Plugins Lets-Box

Published: 13. Dezember 2021
Severity: 4.7 MEDIUM

MITRE: CVE-2021-42549

Missing HTTPOnly flag on sensitive cookie in TopEase

Published: 30. November 2021
Severity: 8.1 - high

MITRE: CVE-2021-42115

Unauthorized Menu Item Access in TopEase

Published: 30. November 2021
Severity: 4.3 - medium

MITRE: CVE-2021-42116

UI Redressing in TopEase

Published: 30. November 2021
Severity: 3.5 - low

MITRE: CVE-2021-42117

Stored XSS in TopEase

Published: 30. November 2021
Severity: 8.1 - high

MITRE: CVE-2021-42118

Stored XSS in Search Function in TopEase

Published: 30. November 2021
Severity: 7.3 - high

MITRE: CVE-2021-42119

Missing Character Length (Denial of Service) in TopEase

Published: 30. November 2021
Severity: 6.5 - medium

MITRE: CVE-2021-42120

Denial of Service via Invalid Date Format in TopEase

Published: 30. November 2021
Severity: 4.3 - medium

MITRE: CVE-2021-42121

Denial of Service via Invalid Object Attribute in TopEase

Published: 30. November 2021
Severity: 4.3 - medium

MITRE: CVE-2021-42122

Missing Upload Filter in TopEase

Published: 30. November 2021
Severity: 7.3 - high

MITRE: CVE-2021-42123

Lack of Rate limiting in Authentication in TopEase

Published: 30. November 2021
Severity: 7.5 - high

MITRE: CVE-2021-42144

Insufficient Session Expiration in TopEase

Published: 30. November 2021
Severity: 8.1 - high

MITRE: CVE-2021-42145

Blacksmith, Scalable Rowhammering In the Frequency Domain to Bypass TRR Mitigations On Modern DDR4/LPDDR4X Devices

Published: 15. November 2021
Severity: 9.0 - critical

MITRE: CVE-2021-42114