Security Vulnerabilities - CVEs Published In February 2024
Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files.
CVSS Score: 9.8 | EPSS Score: 0.009 | Published: 2024-02-06
A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the API server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted HTML. Exploitation of the vulnerability allows an attacker to compromise confidential workspaces and files, leak sensitive information, and target instances of the ClearML platform within closed-off networks.
CVSS Score: 9.6 | EPSS Score: 0.004 | Published: 2024-02-06
A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2024-02-06
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
CVSS Score: 5.0 | EPSS Score: 0.001 | Published: 2024-02-06
In JetBrains IntelliJ IDEA before 2023.3.3, a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL.
CVSS Score: 6.1 | EPSS Score: 0.0 | Published: 2024-02-06
In JetBrains TeamCity before 2023.11.3, path traversal allowed reading data within JAR archives.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2024-02-06
In JetBrains Toolbox App before 2.2, a DoS attack was possible via a malicious SVG image.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2024-02-06
In JetBrains TeamCity before 2023.11.2, limited directory traversal was possible in the Kotlin DSL documentation.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2024-02-06
In JetBrains Rider before 2023.3.3, logging of environment variables containing secret values was possible.
CVSS Score: 3.3 | EPSS Score: 0.0 | Published: 2024-02-06
In JetBrains IntelliJ IDEA before 2023.3.3, path traversal was possible when unpacking archives.
CVSS Score: 2.8 | EPSS Score: 0.0 | Published: 2024-02-06

