Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2024
CVE-2024-27132
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-02-23
CVE-2024-27133
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-02-23
CVE-2024-21423
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVSS Score
4.8
EPSS Score
0.014
Published
2024-02-23
CVE-2024-24309
In the module "Survey TMA" (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-02-23
CVE-2024-24310
In the module "Generate barcode on invoice / delivery slip" (ecgeneratebarcode) from Ether Creation <= 1.2.0 for PrestaShop, a guest can perform SQL injection.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-02-23
CVE-2021-33141
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable denial of service via network access.
CVSS Score
8.6
EPSS Score
0.001
Published
2024-02-23
CVE-2021-33142
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable denial of service via local access.
CVSS Score
6.0
EPSS Score
0.001
Published
2024-02-23
CVE-2021-33145
Uncaught exception in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Score
7.2
EPSS Score
0.0
Published
2024-02-23
CVE-2021-33146
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable information disclosure via network access.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-02-23
CVE-2021-33157
Insufficient control flow management in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Score
7.2
EPSS Score
0.0
Published
2024-02-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved