Germany

etcd Security Advisory: Multiple Vulnerabilities

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in etcd, versions prior to 3.6.9, 3.5.28, and 3.4.42. These vulnerabilities allow attackers to bypass security measures, with a high CVSS base score of 8.6. Affected systems include Linux, UNIX, and Windows.

GNU libc Vulnerabilities Allow DNS Response Manipulation

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in GNU libc, affecting Linux and other Unix-based systems. These vulnerabilities allow remote attackers to manipulate DNS responses. The advisory provides information on affected versions and mitigation strategies.

SmarterMail Vulnerabilities Advisory

CERT-Bund has issued a security advisory for SmarterTools SmarterMail, detailing multiple vulnerabilities with a CVSS Base Score of 8.6. These vulnerabilities allow for remote attacks, potentially leading to denial of service, credential exposure, and other impacts. Mitigation is available.

Keycloak Vulnerabilities Allow Remote Authenticated Attacks

CERT-Bund has issued a security advisory for Keycloak, detailing vulnerabilities that allow remote authenticated attackers to bypass security measures and disclose information. The advisory highlights a CVSS base score of 5.8 and affects Keycloak versions used on Linux and UNIX operating systems.

Checkmk Vulnerability Allows Bypassing Security Controls

CERT-Bund has issued a security advisory regarding a vulnerability in Checkmk IT monitoring software. The vulnerability, with a CVSS base score of 6.3, allows authenticated remote attackers to bypass security controls. Affected versions include Checkmk versions prior to 2.6.0b1, 2.5.0b1, and 2.4.0p25.

PTC FlexPLM and Windchill Vulnerability Allows Code Execution

CERT-Bund has issued a security advisory for critical vulnerabilities in PTC FlexPLM and Windchill software, allowing remote code execution. The advisory lists affected product versions and provides mitigation information. Users are advised to apply available updates to address these severe security risks.

Langflow Vulnerabilities Advisory

CERT-Bund has issued a security advisory for Langflow, detailing multiple critical vulnerabilities (CVSS Base Score 9.1) that could allow remote code execution, information disclosure, and data manipulation. The advisory affects open-source Langflow versions prior to 1.7.0 and 1.9.0, impacting Linux, UNIX, and Windows operating systems.

Python Vulnerability Allows Code Execution

CERT-Bund has issued a security advisory regarding a vulnerability in Python versions prior to 3.15.0, which could allow attackers to execute arbitrary code. The advisory provides mitigation information and notes that the vulnerability affects Linux, UNIX, and Windows operating systems.

Linksys MR9600 Router Vulnerability Allows Code Execution

CERT-Bund has issued a security advisory for the Linksys MR9600 Router, detailing a vulnerability that allows remote, authenticated attackers to execute arbitrary code. The advisory highlights a CVSS Base Score of 8.8, indicating a high severity.

MariaDB Vulnerability: Denial of Service, Potential Code Execution

CERT-Bund has issued a security advisory for MariaDB, detailing a vulnerability that allows remote, authenticated attackers to cause a Denial of Service and potentially execute arbitrary code. The advisory affects specific versions of MariaDB Server across Linux, UNIX, and Windows operating systems.