Security Vulnerabilities - CVEs Published In July 2024
IP Guard v4.81.0307.0 was discovered to contain an arbitrary file read vulnerability via the file name parameter.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2024-07-22
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to service disruption by triggering an Out Of Memory (OOM) kill. The issue poses a high risk to the availability of Argo CD deployments. This vulnerability is fixed in 2.11.6, 2.10.15, and 2.9.20.
CVSS Score: 7.5 | EPSS Score: 0.009 | Published: 2024-07-22
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the resample function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2024-07-22
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2024-07-22
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is concatenated with other folders and used to open a new file in the generate_config function, which leads to a limited file write. The issue allows writing a /config/config.json file in an arbitrary directory on the server. If a given directory path doesn’t exist, the application will return an error, so this vulnerability could also be used to gain information about existing directories on the server. This affects fishaudio/Bert-VITS2 2.3 and earlier.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2024-07-22
In JetBrains TeamCity before 2024.07, access tokens could continue working after deletion or expiration.
CVSS Score: 7.4 | EPSS Score: 0.0 | Published: 2024-07-22
In JetBrains TeamCity before 2024.07, comparison of authorization tokens took non-constant time.
CVSS Score: 2.6 | EPSS Score: 0.0 | Published: 2024-07-22
In JetBrains TeamCity before 2024.07, an OAuth code for JetBrains Space could be stolen via Space Application connection.
CVSS Score: 3.5 | EPSS Score: 0.0 | Published: 2024-07-22
ImageSharp is a 2D graphics API. A vulnerability was discovered in the ImageSharp library in which the processing of specially crafted files can lead to excessive memory usage in the GIF decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.
CVSS Score: 5.3 | EPSS Score: 0.013 | Published: 2024-07-22
In JetBrains TeamCity before 2024.07, parameters of the "password" type could leak into the build log in some specific cases.
CVSS Score: 6.4 | EPSS Score: 0.0 | Published: 2024-07-22