Newly recognised by the competent US organisation MITRE, the NCSC, today the OFCS, has been authorised since 29 September 2021 to assign CVE numbers. In this role, the OFCS is responsible for preparing and publishing the necessary information on the vulnerabilities reported to it and the corresponding CVE records. The OFCS is not only the official body to which security vulnerabilities are reported in Switzerland, but it also manages the CVE numbers of these vulnerabilities for international exchange.
Vulnerabilities / CVE
CVE-2024-12305: Object-Level Access Control Vulnerability Allows Unauthorized Access to Student Grades in Unifiedtransform
Published: 09 December 2024
Severity: Medium 4.3
MITRE: CVE-2024-12305
CVE-2024-12306: Access Control Vulnerabilities Allow Unauthorized Access to User Profiles in Unifiedtransform
Published: 09 December 2024
Severity: Medium 4.3
MITRE: CVE-2024-12306
CVE-2024-12307: Function-Level Access Control Vulnerability Allows Unauthorized Modification of Student Data in Unifiedtransform
Published: 09 December 2024
Severity: Medium 4.3
MITRE: CVE-2024-12307
CVE-2024-9044: XML External Entity (XXE) Vulnerability in EasyTax
Published: 29 November 2024
Severity: Medium 4.6
MITRE: CVE-2024-9044
CVE-2024-8602: XML External Entity Attack in the Software Library taxstatement.jar
Published: 14 October 2024
Severity: Medium 6.3
MITRE: CVE-2024-8602
CVE-2024-6203: HaloITSM - Password Reset Poisoning
Published: 06 August 2024
Severity: High 8.3
MITRE: CVE-2024-6203
CVE-2024-6202: HaloITSM - SAML XML Signature Wrapping (XSW)
Published: 06 August 2024
Severity: Critical 9.8
MITRE: CVE-2024-6202
CVE-2024-6201: HaloITSM - Emailing Template Injection
Published: 06 August 2024
Severity: Medium 5.3
MITRE: CVE-2024-6201
CVE-2024-6200: HaloITSM - Stored Cross-Site Scripting in Tickets
Published: 06 August 2024
Severity: High 8.0
MITRE: CVE-2024-6200
Bludit - Insecure Token Generation
Published: 24 June 2024
Severity: Medium 6.0
MITRE: CVE-2024-24554
Bludit uses SHA1 as Password Hashing Algorithm
Published: 24 June 2024
Severity: Medium 5.9
MITRE: CVE-2024-24553
Bludit is Vulnerable to Session Fixation
Published: 24 June 2024
Severity: Medium 5.6
MITRE: CVE-2024-24552
Bludit - Remote Code Execution (RCE) through Image API
Published: 24 June 2024
Severity: High 8.9
MITRE: CVE-2024-24551
Bludit - Remote Code Execution (RCE) through File API
Published: 24 June 2024
Severity: High 8.9
MITRE: CVE-2024-24550
Improper Access Control Leads to Server-Side Request Forgery in Mautic
Published: 10 April 2024
Severity: Medium 5.0
MITRE: CVE-2024-3448
Improper Access Control Issues Lead to Sensitive Data Exposure in Mautic
Published: 10 April 2024
Severity: Medium 5.4
MITRE: CVE-2024-2731
Predictable Page Indexing Might Lead to Sensitive Data Exposure in Mautic
Published: 10 April 2024
Severity: Medium 5.3
MITRE: CVE-2024-2730
Authenticated Remote Code Execution in Kiloview NDI N series products
Published: 21 March 2024
Severity: High 8.8
MITRE: CVE-2024-2162
Use of Hard-coded Credentials in Kiloview NDI N series products API middleware
Published: 21 March 2024
Severity: Critical 9.1
MITRE: CVE-2024-2161
WAF bypass of the ModSecurity v3 release line
Published: 30 January 2024
Severity: High 8.6
MITRE: CVE-2024-1019
Command Execution through Serial Interface of u-blox TOBY-L2
Published: 20 December 2023
Severity: High 7.6
MITRE: CVE-2023-0011
Logback "receiver" DoS vulnerability CVE-2023-6378 incomplete fix
Published: 04 December 2023
Severity: High 7.1
Logback "receiver" DoS vulnerability
Published: 21 November 2023
Severity: High 7.1
Weak Access Control between Domains in Wing FTP Server <= 7.2.0
Published: 12 September 2023
Severity: Medium 4.9
Exposed Session Variable in Wing FTP Server <= 7.2.0
Published: 12 September 2023
Severity: Medium 6.5
Insecure Default Permissions in Wing FTP Server <= 7.2.0
Published: 12 September 2023
Severity: Medium 6.1
Cross-Site Scripting Vulnerability in Wing FTP Server <= 7.2.0
Published: 12 September 2023
Severity: Low 3.0
Reflected XSS in BKG Ntrip Professional Caster version <= 2.0.44
Published: 28 June 2023
Severity: Medium 4.7
Yellowbrik PEC-1864 authentication bypass
Published: 06 April 2023
Severity: Critical 9.8
Unauthenticated RCE affecting the AcyMailing plugin for Joomla
Published: 30 March 2023
Severity: Critical 9.8
Missing access control affecting the AcyMailing plugin for Joomla
Published: 30 March 2023
Severity: Medium 6.5
Stored XSS affecting the AcyMailing plugin for Joomla
Published: 30 March 2023
Severity: High 7.2
Hard-coded credentials in elvexys ISOS firmware
Published: 28 December 2022
Severity: Medium 4.5
Authentication bypass in elvexys StreamX using StreamView HTML component with public web server feature
Published: 28 December 2022
Severity: High 7.5
Path traversal in elvexys StreamX using StreamView HTML component with public web server feature
Published: 28 December 2022
Severity: Medium 6.5
STM32 USB Host Library Buffer Overflow
Published: 21 October 2022
Severity: Medium 6.8
Response body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range
Published: 20 September 2022
Severity: High 7.5
Response body bypass in OWASP ModSecurity Core Rule Set via a specially crafted charset in the HTTP Accept header
Published: 20 September 2022
Severity: High 7.3
Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header
Published: 20 September 2022
Severity: High 7.3
Partial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header
Published: 20 September 2022
Severity: High 7.3
Retbleed, Arbitrary Memory Disclosure through CPU Side-Channel Attacks
Published: 12 July 2022
Severity: Medium 5.6
Multi-Factor Authentication Bypass in various versions of Abacus ERP
Published: 19 April 2022
Severity: High 8.1
Insecure EBICS message encryption implementation in ebics-java/ebics-java-client could allow an adjacent attacker to decrypt EBICS payloads
Published: 14 April 2022
Severity: Medium 6.5
Novel attack against the Combined Charging System (CCS) in electric vehicles to remotely cause a denial of service
Published: 12 April 2022
Severity: Medium 4.6
Reflected XSS in Archivista DMS
Published: 15 March 2022
Severity: Medium 6.1
Reflected XSS in the search functionality of AlCoda NetBiblio WebOPAC
Published: 14 January 2022
Severity: Medium 6.1
MITRE: CVE-2021-42551
Attacker with privileges to edit configuration files is able to execute code through JNDI lookup, logback
Published: 16 December 2021
Severity: Medium 6.6
Reflected XSS in the search functionality of WordPress, WP Cloud Plugins Use-Your-Drive
Published: 13 December 2021
Severity: Medium 4.7
Reflected XSS in the search functionality of WordPress, WP Cloud Plugins Out-of-the-Box
Published: 13 December 2021
Severity: Medium 4.7
Reflected XSS in the search functionality of WordPress, WP Cloud Plugins Share-one-Drive
Published: 13 December 2021
Severity: Medium 4.7
Reflected XSS in the search functionality of WordPress, WP Cloud Plugins Lets-Box
Published: 13 December 2021
Severity: Medium 4.7
Missing HttpOnly flag on sensitive cookie in TopEase
Published: 30 November 2021
Severity: High 8.1
MITRE: CVE-2021-42115
Unauthorized Menu Item Access in TopEase
Published: 30 November 2021
Severity: Medium 4.3
MITRE: CVE-2021-42116
UI Redressing in TopEase
Published: 30 November 2021
Severity: Low 3.5
MITRE: CVE-2021-42117
Stored XSS in TopEase
Published: 30 November 2021
Severity: High 8.1
MITRE: CVE-2021-42118
Stored XSS in Search Function in TopEase
Published: 30 November 2021
Severity: High 7.3
MITRE: CVE-2021-42119
Missing Character Length (Denial of Service) in TopEase
Published: 30 November 2021
Severity: Medium 6.5
MITRE: CVE-2021-42120
Denial of Service via Invalid Date Format in TopEase
Published: 30 November 2021
Severity: Medium 4.3
MITRE: CVE-2021-42121
Denial of Service via Invalid Object Attribute in TopEase
Published: 30 November 2021
Severity: Medium 4.3
MITRE: CVE-2021-42122
Missing Upload Filter in TopEase
Published: 30 November 2021
Severity: High 7.3
MITRE: CVE-2021-42123
Lack of Rate Limiting in Authentication in TopEase
Published: 30 November 2021
Severity: High 7.5
MITRE: CVE-2021-42144
Insufficient Session Expiration in TopEase
Published: 30 November 2021
Severity: High 8.1
MITRE: CVE-2021-42145
Blacksmith, Scalable Rowhammering in the Frequency Domain to Bypass TRR Mitigations on Modern DDR4/LPDDR4X Devices
Published: 15 November 2021
Severity: Critical 9.0
Last modified 11.12.2024