Recent changes


Python Path Traversal Vulnerability Disclosed

CERT-Bund has disclosed a path traversal vulnerability in Python versions prior to 3.15.0. The vulnerability, with a CVSS base score of 4.0, allows local attackers to exploit the flaw. Mitigation is available.

Priority review Notice Cybersecurity

Microsoft Dynamics 365 SQL Injection Vulnerability

CERT-Bund has issued a security advisory for Microsoft Dynamics 365 Customer Engagement regarding a critical SQL injection vulnerability (CVSS 8.8). The vulnerability allows authenticated remote attackers to execute arbitrary SQL commands, potentially leading to privilege escalation or operating system command execution.

Priority review Notice Cybersecurity

Keycloak Vulnerabilities: Info Disclosure and Privilege Escalation

CERT-Bund has issued a security advisory regarding critical vulnerabilities in Keycloak versions prior to 26.5.6. These vulnerabilities allow for remote information disclosure and privilege escalation. Mitigation is available.

Urgent Notice Cybersecurity

Ubiquiti UniFi Vulnerabilities Allow Privilege Escalation

CERT-Bund has issued a security advisory for Ubiquiti UniFi Network Application, detailing vulnerabilities that allow for privilege escalation. The advisory assigns a critical CVSS Base Score of 10.0 and a high CVSS Temporal Score of 8.7, indicating a significant security risk. Affected versions include UniFi Network Application <10.1.89, <10.2.97, <9.0.118, and UniFi Express <4.0.13.

Urgent Notice Cybersecurity

libarchive Vulnerability Allows Denial-of-Service

CERT-Bund has issued a security advisory regarding a vulnerability in the libarchive library, which allows for denial-of-service attacks. The vulnerability affects various operating systems including Linux, UNIX, and Windows, and specific versions of Red Hat Enterprise Linux. Mitigation measures are available.

Priority review Notice Cybersecurity

Roundcube Vulnerabilities: Critical Score, File Manipulation, XSS

CERT-Bund has issued a security advisory for Roundcube, a PHP-based open-source webmail system. Multiple vulnerabilities with a critical CVSS base score of 10.0 have been identified, allowing attackers to manipulate files, bypass security measures, and perform cross-site scripting attacks.

Urgent Notice Cybersecurity

BaFin Warns High Performance Battery Holding AG Over Prospectus Violation

BaFin has issued a warning regarding High Performance Battery Holding AG for allegedly offering shares to the public in Germany without a required prospectus. Consumers are advised to rely only on legally mandated information and check BaFin's prospectus database.

Priority review Notice Financial Services

nghttp2 Vulnerability Allows Denial of Service

CERT-Bund has issued a security advisory regarding a vulnerability in nghttp2 versions prior to 1.68.1. The vulnerability allows remote attackers to perform a Denial of Service attack. The advisory provides mitigation information and affected systems.

Priority review Notice Cybersecurity

Linux Kernel Vulnerabilities

CERT-Bund has issued a security advisory for multiple vulnerabilities in the Linux Kernel, rated with a critical CVSS base score of 9.8. These vulnerabilities could lead to denial-of-service conditions or memory corruption. Mitigation measures are available.

Priority review Notice Cybersecurity

Wazuh Vulnerabilities Allow Critical Remote Attacks

CERT-Bund has issued a security advisory for Wazuh, detailing multiple vulnerabilities that allow critical remote attacks with a CVSS score of 9.1. The advisory affects Wazuh versions prior to 4.14.3 and impacts UNIX and other operating systems.

Urgent Notice Cybersecurity

Showing 41–50 of 156 changes
