CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-44825 – Invesalius 3.1.99995 Arbitrary File Write / Directory Traversal
https://notcve.org/view.php?id=CVE-2024-44825
23 Sep 2024 — Directory Traversal vulnerability in Centro de Tecnologia da Informaco Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files unto the system via a crafted .inv3 file. • https://packetstorm.news/files/id/181738 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 3CVE-2024-42845 – Invesalius 3.1 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-42845
23 Aug 2024 — An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file. • https://packetstorm.news/files/id/180378 • CWE-94: Improper Control of Generation of Code ('Code Injection') •