CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41112 – Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option palette
https://notcve.org/view.php?id=CVE-2024-41112
Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 380, leading to remote code execution. • https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L373-L376 https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L380 https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489 https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38509
https://notcve.org/view.php?id=CVE-2024-38509
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command. • https://support.lenovo.com/us/en/product_security/LEN-156781 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-6821 – IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6821
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6460 – Grow by Tradedoubler <= 2.0.21 - Unauthenticated LFI
https://notcve.org/view.php?id=CVE-2024-6460
This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://wpscan.com/vulnerability/ba2f53e0-30be-4f37-91bc-5fa151f1eee7 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-6817 – IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6817
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •