Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by selecting different criteria, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. The list below, updated daily, shows the latest vulnerabilities.

CVE-2024-39685

Publication date:
22/07/2024
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the resample function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024

CVE-2024-39686

Publication date:
22/07/2024
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024

CVE-2024-39688

Publication date:
22/07/2024
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is concatenated with other folders and used to open a new file in the generate_config function, which leads to a limited file write. The issue allows writing a /config/config.json file in an arbitrary directory on the server. If a given directory path doesn’t exist, the application will return an error, so this vulnerability could also be used to gain information about existing directories on the server. This affects fishaudio/Bert-VITS2 2.3 and earlier.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024

CVE-2024-41827

Publication date:
22/07/2024
In JetBrains TeamCity before 2024.07, access tokens could continue working after deletion or expiration.
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2024

CVE-2024-41828

Publication date:
22/07/2024
In JetBrains TeamCity before 2024.07, comparison of authorization tokens took non-constant time.
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2024

CVE-2024-41829

Publication date:
22/07/2024
In JetBrains TeamCity before 2024.07, an OAuth code for JetBrains Space could be stolen via Space Application connection.
Severity CVSS v4.0: Pending analysis
Last modification:
14/08/2024

CVE-2024-41132

Publication date:
22/07/2024
ImageSharp is a 2D graphics API. A vulnerability was discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024

CVE-2024-41824

Publication date:
22/07/2024
In JetBrains TeamCity before 2024.07, parameters of the "password" type could leak into the build log in some specific cases.
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2024

CVE-2024-41825

Publication date:
22/07/2024
In JetBrains TeamCity before 2024.07, stored XSS was possible on the Code Inspection tab.
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2024

CVE-2024-41826

Publication date:
22/07/2024
In JetBrains TeamCity before 2024.07, stored XSS was possible on the Show Connection page.
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2024

CVE-2024-41129

Publication date:
22/07/2024
The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue is that ops passes the secret content as one of the arguments on the command line. This issue may affect any charm that uses Juju (>=3.0) and Juju secrets and does not correctly capture and process `subprocess.CalledProcessError`. This vulnerability is fixed in 2.15.0.
Severity CVSS v4.0: Pending analysis
Last modification:
24/07/2024

CVE-2024-41131

Publication date:
22/07/2024
ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024