On 29 September 2021, the NCSC (today the UFCS, the Federal Office for Cybersecurity) was recognised by the independent US organisation MITRE as a service authorised to assign CVE numbers (a CVE Numbering Authority). In this role, the UFCS is responsible for processing and publishing the information on vulnerabilities reported to it, together with the corresponding CVE records. The UFCS is therefore not only the official point of contact for reporting security flaws in Switzerland, but also manages the associated CVE numbers for international exchange.
Vulnerabilities / CVE
CVE-2024-6203: HaloITSM - Password Reset Poisoning
Published: 06 August 2024
Severity: High 8.3
MITRE: CVE-2024-6203
CVE-2024-6202: HaloITSM - SAML XML Signature Wrapping (XSW)
Published: 06 August 2024
Severity: Critical 9.8
MITRE: CVE-2024-6202
CVE-2024-6201: HaloITSM - Emailing Template Injection
Published: 06 August 2024
Severity: Medium 5.3
MITRE: CVE-2024-6201
CVE-2024-6200: HaloITSM - Stored Cross-Site Scripting in Tickets
Published: 06 August 2024
Severity: High 8.0
MITRE: CVE-2024-6200
Bludit - Insecure Token Generation
Published: 24 June 2024
Severity: Medium 6.0
MITRE: CVE-2024-24554
Bludit uses SHA1 as Password Hashing Algorithm
Published: 24 June 2024
Severity: Medium 5.9
MITRE: CVE-2024-24553
Bludit is Vulnerable to Session Fixation
Published: 24 June 2024
Severity: Medium 5.6
MITRE: CVE-2024-24552
Bludit - Remote Code Execution (RCE) through Image API
Published: 24 June 2024
Severity: High 8.9
MITRE: CVE-2024-24551
Bludit - Remote Code Execution (RCE) through File API
Published: 24 June 2024
Severity: High 8.9
MITRE: CVE-2024-24550
Improper Access Control Leads to Server-Side Request Forgery in Mautic
Published: 10 April 2024
Severity: Medium 5.0
MITRE: CVE-2024-3448
Improper Access Control Issues Lead to Sensitive Data Exposure in Mautic
Published: 10 April 2024
Severity: Medium 5.4
MITRE: CVE-2024-2731
Predictable Page Indexing Might Lead to Sensitive Data Exposure in Mautic
Published: 10 April 2024
Severity: Medium 5.3
MITRE: CVE-2024-2730
Authenticated Remote Code Execution in Kiloview NDI N series products
Published: 21 March 2024
Severity: High 8.8
MITRE: CVE-2024-2162
Use of Hard-coded Credentials in Kiloview NDI N series products API middleware
Published: 21 March 2024
Severity: Critical 9.1
MITRE: CVE-2024-2161
WAF bypass of the ModSecurity v3 release line
Published: 30 January 2024
Severity: High 8.6
MITRE: CVE-2024-1019
Command Execution through Serial Interface of u-blox TOBY-L2
Published: 20 December 2023
Severity: High 7.6
MITRE: CVE-2023-0011
Logback "receiver" DoS vulnerability: incomplete fix for CVE-2023-6378
Published: 04 December 2023
Severity: High 7.1
Logback "receiver" DoS vulnerability
Published: 21 November 2023
Severity: High 7.1
Weak Access Control between Domains in Wing FTP Server <= 7.2.0
Published: 12 September 2023
Severity: Medium 4.9
Exposed Session Variable in Wing FTP Server <= 7.2.0
Published: 12 September 2023
Severity: Medium 6.5
Insecure Default Permissions in Wing FTP Server <= 7.2.0
Published: 12 September 2023
Severity: Medium 6.1
Cross-Site Scripting Vulnerability in Wing FTP Server <= 7.2.0
Published: 12 September 2023
Severity: Low 3.0
Reflected XSS in BKG Ntrip Professional Caster version <= 2.0.44
Published: 28 June 2023
Severity: Medium 4.7
Yellowbrik PEC-1864 authentication bypass
Published: 06 April 2023
Severity: Critical 9.8
Unauthenticated RCE affecting the AcyMailing plugin for Joomla
Published: 30 March 2023
Severity: Critical 9.8
Missing access control affecting the AcyMailing plugin for Joomla
Published: 30 March 2023
Severity: Medium 6.5
Stored XSS affecting the AcyMailing plugin for Joomla
Published: 30 March 2023
Severity: High 7.2
Hard-coded credentials in elvexys ISOS firmwares
Published: 28 December 2022
Severity: Medium 4.5
Authentication bypass in elvexys StreamX using StreamView HTML component with public web server feature
Published: 28 December 2022
Severity: High 7.5
Path traversal in elvexys StreamX using StreamView HTML component with public web server feature
Published: 28 December 2022
Severity: Medium 6.5
STM32 USB Host Library Buffer Overflow
Published: 21 October 2022
Severity: Medium 6.8
Response body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range
Published: 20 September 2022
Severity: High 7.5
Response body bypass in OWASP ModSecurity Core Rule Set via a specially crafted charset in the HTTP Accept header
Published: 20 September 2022
Severity: High 7.3
Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header
Published: 20 September 2022
Severity: High 7.3
Partial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header
Published: 20 September 2022
Severity: High 7.3
Retbleed: Arbitrary Memory Disclosure through CPU Side-Channel Attacks
Published: 12 July 2022
Severity: Medium 5.6
Multi-Factor Authentication Bypass in various versions of Abacus ERP
Published: 19 April 2022
Severity: High 8.1
Insecure EBICS message encryption implementation in ebics-java/ebics-java-client could allow an adjacent attacker to decrypt EBICS payloads
Published: 14 April 2022
Severity: Medium 6.5
Novel attack against the Combined Charging System (CCS) in electric vehicles to remotely cause a denial of service
Published: 12 April 2022
Severity: Medium 4.6
Reflected XSS in Archivista DMS
Published: 15 March 2022
Severity: Medium 6.1
Reflected XSS in the search functionality of AlCoda NetBiblio WebOPAC
Published: 14 January 2022
Severity: Medium 6.1
MITRE: CVE-2021-42551
Attacker with privileges to edit configuration files is able to execute code through JNDI lookup in logback
Published: 16 December 2021
Severity: Medium 6.6
Reflected XSS in the search functionality of the WordPress plugin Use-Your-Drive by WP Cloud Plugins
Published: 13 December 2021
Severity: Medium 4.7
Reflected XSS in the search functionality of the WordPress plugin Out-of-the-Box by WP Cloud Plugins
Published: 13 December 2021
Severity: Medium 4.7
Reflected XSS in the search functionality of the WordPress plugin Share-one-Drive by WP Cloud Plugins
Published: 13 December 2021
Severity: Medium 4.7
Reflected XSS in the search functionality of the WordPress plugin Lets-Box by WP Cloud Plugins
Published: 13 December 2021
Severity: Medium 4.7
Missing HttpOnly flag on sensitive cookie in TopEase
Published: 30 November 2021
Severity: High 8.1
MITRE: CVE-2021-42115
Unauthorized Menu Item Access in TopEase
Published: 30 November 2021
Severity: Medium 4.3
MITRE: CVE-2021-42116
UI Redressing in TopEase
Published: 30 November 2021
Severity: Low 3.5
MITRE: CVE-2021-42117
Stored XSS in TopEase
Published: 30 November 2021
Severity: High 8.1
MITRE: CVE-2021-42118
Stored XSS in Search Function in TopEase
Published: 30 November 2021
Severity: High 7.3
MITRE: CVE-2021-42119
Missing Character Length Limit (Denial of Service) in TopEase
Published: 30 November 2021
Severity: Medium 6.5
MITRE: CVE-2021-42120
Denial of Service via Invalid Date Format in TopEase
Published: 30 November 2021
Severity: Medium 4.3
MITRE: CVE-2021-42121
Denial of Service via Invalid Object Attribute in TopEase
Published: 30 November 2021
Severity: Medium 4.3
MITRE: CVE-2021-42122
Missing Upload Filter in TopEase
Published: 30 November 2021
Severity: High 7.3
MITRE: CVE-2021-42123
Lack of Rate Limiting in Authentication in TopEase
Published: 30 November 2021
Severity: High 7.5
MITRE: CVE-2021-42144
Insufficient Session Expiration in TopEase
Published: 30 November 2021
Severity: High 8.1
MITRE: CVE-2021-42145
Blacksmith: Scalable Rowhammering in the Frequency Domain to Bypass TRR Mitigations on Modern DDR4/LPDDR4X Devices
Published: 15 November 2021
Severity: Critical 9.0
Last modified 06.08.2024