CVE-2024-41824

CVE-2024-41824

Título es
CVE-2024-41824

Lun, 22/07/2024 – 15:15

Tipo
CWE-532

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-41824

Descripción en
In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases

22/07/2024
22/07/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
6.40

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://www.jetbrains.com/privacy-security/issues-fixed/

    • Enviar en el boletín
    Off

    CVE-2024-41132

    CVE-2024-41132

    Título es
    CVE-2024-41132

    Lun, 22/07/2024 – 15:15

    Tipo
    CWE-789

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41132

    Descripción en
    ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.

    22/07/2024
    22/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands

  • https://docs.sixlabors.com/articles/imagesharp/security.html

  • https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515

  • https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56

  • https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a

  • https://github.com/SixLabors/ImageSharp/pull/2759

  • https://github.com/SixLabors/ImageSharp/pull/2764

  • https://github.com/SixLabors/ImageSharp/pull/2770

  • https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23

    • Enviar en el boletín
    Off

    CVE-2024-41829

    CVE-2024-41829

    Título es
    CVE-2024-41829

    Lun, 22/07/2024 – 15:15

    Tipo
    CWE-303

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41829

    Descripción en
    In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection

    22/07/2024
    22/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://www.jetbrains.com/privacy-security/issues-fixed/

    • Enviar en el boletín
    Off

    CVE-2024-41828

    CVE-2024-41828

    Título es
    CVE-2024-41828

    Lun, 22/07/2024 – 15:15

    Tipo
    CWE-208

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41828

    Descripción en
    In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time

    22/07/2024
    22/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    2.60

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://www.jetbrains.com/privacy-security/issues-fixed/

    • Enviar en el boletín
    Off

    CVE-2024-41827

    CVE-2024-41827

    Título es
    CVE-2024-41827

    Lun, 22/07/2024 – 15:15

    Tipo
    CWE-613

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41827

    Descripción en
    In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration

    22/07/2024
    22/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.jetbrains.com/privacy-security/issues-fixed/

    • Enviar en el boletín
    Off

    CVE-2024-39688

    CVE-2024-39688

    Título es
    CVE-2024-39688

    Lun, 22/07/2024 – 16:15

    Tipo
    CWE-22

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39688

    Descripción en
    Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is concatenated with other folders and used to open a new file in the generate_config function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitrary directory on the server. If a given directory path doesn’t exist, the application will return an error, so this vulnerability could also be used to gain information about existing directories on the server. This affects fishaudio/Bert-VITS2 2.3 and earlier.

    22/07/2024
    22/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/fishaudio/Bert-VITS2/blob/76653b5b6d657143721df2ed6c5c246b4b1d9277/webui_preprocess.py#L130-L133

  • https://github.com/fishaudio/Bert-VITS2/blob/76653b5b6d657143721df2ed6c5c246b4b1d9277/webui_preprocess.py#L34

  • https://securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/

    • Enviar en el boletín
    Off

    CVE-2024-39686

    CVE-2024-39686

    Título es
    CVE-2024-39686

    Lun, 22/07/2024 – 16:15

    Tipo
    CWE-78

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39686

    Descripción en
    Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.

    22/07/2024
    22/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://github.com/fishaudio/Bert-VITS2/blob/3f8c537f4aeb281df3fb3c455eed9a1b64871a81/webui_preprocess.py#L82C9-L82C57

  • https://github.com/fishaudio/Bert-VITS2/blob/76653b5b6d657143721df2ed6c5c246b4b1d9277/webui_preprocess.py#L130-L133

  • https://securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/

    • Enviar en el boletín
    Off

    CVE-2024-39685

    CVE-2024-39685

    Título es
    CVE-2024-39685

    Lun, 22/07/2024 – 16:15

    Tipo
    CWE-78

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-39685

    Descripción en
    Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the resample function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.

    22/07/2024
    22/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://github.com/fishaudio/Bert-VITS2/blob/3f8c537f4aeb281df3fb3c455eed9a1b64871a81/webui_preprocess.py#L46-L52

  • https://github.com/fishaudio/Bert-VITS2/blob/76653b5b6d657143721df2ed6c5c246b4b1d9277/webui_preprocess.py#L130-L133

  • https://securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/

    • Enviar en el boletín
    Off

    CVE-2024-25638

    CVE-2024-25638

    Título es
    CVE-2024-25638

    Lun, 22/07/2024 – 14:15

    Tipo
    CWE-345

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-25638

    Descripción en
    dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.

    22/07/2024
    22/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/dnsjava/dnsjava/commit/bc51df1c455e6c9fb7cbd42fcb6d62d16047818d

  • https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw

    • Enviar en el boletín
    Off

    CVE-2024-37998

    CVE-2024-37998

    Título es
    CVE-2024-37998

    Lun, 22/07/2024 – 14:15

    Tipo
    CWE-620

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37998

    Descripción en
    A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions

    22/07/2024
    22/07/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://cert-portal.siemens.com/productcert/html/ssa-071402.html

    • Enviar en el boletín
    Off