Newly recognised by the responsible US organisation MITRE, the NCSC has been authorised since 29 September 2021 to assign CVE numbers. In this role, the NCSC is responsible for preparing and publishing the necessary information on the vulnerabilities reported to it and the corresponding CVE records. The NCSC is not only the official body to which security vulnerabilities in Switzerland are reported, but also manages the CVE numbers of those vulnerabilities for international exchange.
Vulnerabilities / CVE
Yellowbrik PEC-1864 authentication bypass
Published: 06. April 2023
Severity : 9.8 Critical
Unauthenticated RCE affecting the AcyMailing plugin for Joomla
Published: 30. March 2023
Severity : 9.8 Critical
Missing access control affecting the AcyMailing plugin for Joomla
Published: 30. March 2023
Severity : 6.5 Medium
Stored XSS affecting the AcyMailing plugin for Joomla
Published: 30. March 2023
Severity : 7.2 High
Hard coded credentials in elvexys ISOS firmwares
Published: 28. December 2022
Severity : 4.5 Medium
Authentication bypass in elvexys StreamX using StreamView HTML component with public web server feature
Published: 28. December 2022
Severity : 7.5 High
Path traversal in elvexys StreamX using StreamView HTML component with public web server feature
Published: 28. December 2022
Severity : 6.5 Medium
STM32 USB Host Library Buffer Overflow
Published: 21. October 2022
Severity : 6.8 Medium
Response body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range
Published: 20. September 2022
Severity : 7.5 HIGH
Response body bypass in OWASP ModSecurity Core Rule Set via a specially crafted charset in the HTTP Accept header
Published: 20. September 2022
Severity : 7.3 HIGH
Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header
Published: 20. September 2022
Severity : 7.3 HIGH
Partial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header
Published: 20. September 2022
Severity : 7.3 HIGH
Retbleed, Arbitrary Memory Disclosure through CPU Side-Channel Attacks
Published: 12. July 2022
Severity : 5.6 MEDIUM
Multi Factor Authentication Bypass in various versions of Abacus ERP
Published: 19. April 2022
Severity : 8.1 HIGH
Insecure EBICS messages encryption implementation in ebics-java/ebics-java-client could allow an adjacent attacker to decrypt EBICS payloads
Published: 14. April 2022
Severity : 6.5 MEDIUM
Novel attack against the Combined Charging System (CCS) in electric vehicles to remotely cause a denial of service
Published: 12. April 2022
Severity : 4.6 MEDIUM
Reflected XSS in Archivista DMS
Published: 15. March 2022
Severity: 6.1 MEDIUM
Reflected XSS in the search functionality of AlCoda NetBiblio WebOPAC
Published: 14. January 2022
Severity: 6.1 MEDIUM
MITRE: CVE-2021-42551
Attacker with privileges to edit configuration files is able to execute code through JNDI lookup, logback
Published: 16. December 2021
Severity: 6.6 MEDIUM
Reflected XSS in the search functionality of WordPress, WP Cloud Plugins Use-Your-Drive
Published: 13. December 2021
Severity: 4.7 MEDIUM
Reflected XSS in the search functionality of WordPress, WP Cloud Plugins Out-of-the-Box
Published: 13. December 2021
Severity: 4.7 MEDIUM
Reflected XSS in the search functionality of WordPress, WP Cloud Plugins Share-one-Drive
Published: 13. December 2021
Severity: 4.7 MEDIUM
Reflected XSS in the search functionality of WordPress, WP Cloud Plugins Lets-Box
Published: 13. December 2021
Severity: 4.7 MEDIUM
Missing HTTPOnly flag on sensitive cookie in TopEase
Published: 30. November 2021
Severity: 8.1 - high
MITRE: CVE-2021-42115
Unauthorized Menu Item Access in TopEase
Published: 30. November 2021
Severity: 4.3 - medium
MITRE: CVE-2021-42116
UI Redressing in TopEase
Published: 30. November 2021
Severity: 3.5 - low
MITRE: CVE-2021-42117
Stored XSS in TopEase
Published: 30. November 2021
Severity: 8.1 - high
MITRE: CVE-2021-42118
Stored XSS in Search Function in TopEase
Published: 30. November 2021
Severity: 7.3 - high
MITRE: CVE-2021-42119
Missing Character Length (Denial of Service) in TopEase
Published: 30. November 2021
Severity: 6.5 - medium
MITRE: CVE-2021-42120
Denial of Service via Invalid Date Format in TopEase
Published: 30. November 2021
Severity: 4.3 - medium
MITRE: CVE-2021-42121
Denial of Service via Invalid Object Attribute in TopEase
Published: 30. November 2021
Severity: 4.3 - medium
MITRE: CVE-2021-42122
Missing Upload Filter in TopEase
Published: 30. November 2021
Severity: 7.3 - high
MITRE: CVE-2021-42123
Lack of Rate limiting in Authentication in TopEase
Published: 30. November 2021
Severity: 7.5 - high
MITRE: CVE-2021-42144
Insufficient Session Expiration in TopEase
Published: 30. November 2021
Severity: 8.1 - high
MITRE: CVE-2021-42145
Blacksmith, Scalable Rowhammering In the Frequency Domain to Bypass TRR Mitigations On Modern DDR4/LPDDR4X Devices
Published: 15. November 2021
Severity: 9.0 - critical
Last modification 06.04.2023