CVE-2024-41116 – Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option vis_params
https://notcve.org/view.php?id=CVE-2024-41116
26 Jul 2024 — Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 1254 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 1345, leading to remote code execution. • https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial • CWE-20: Improper Input Validation
CVE-2024-41115 – Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option palette
https://notcve.org/view.php?id=CVE-2024-41115
26 Jul 2024 — Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 488 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 493, leading to remote code execution. • https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial • CWE-20: Improper Input Validation
CVE-2024-41114 – Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Gap filled Land Surface Temperature Daily option
https://notcve.org/view.php?id=CVE-2024-41114
26 Jul 2024 — Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 430 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 435, leading to remote code execution. • https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial • CWE-20: Improper Input Validation
CVE-2024-41113 – Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option vis_params
https://notcve.org/view.php?id=CVE-2024-41113
26 Jul 2024 — Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 383 or line 390 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 395, leading to remote code execution. • https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L383-L388 • CWE-20: Improper Input Validation
CVE-2024-41112 – Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option palette
https://notcve.org/view.php?id=CVE-2024-41112
26 Jul 2024 — Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 380, leading to remote code execution. • https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L373-L376 • CWE-20: Improper Input Validation
CVE-2024-38509
https://notcve.org/view.php?id=CVE-2024-38509
26 Jul 2024 — A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command. • https://support.lenovo.com/us/en/product_security/LEN-156781 • CWE-121: Stack-based Buffer Overflow
CVE-2024-6816 – IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6816
26 Jul 2024 — IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-968 • CWE-122: Heap-based Buffer Overflow
CVE-2024-6822 – IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6822
26 Jul 2024 — IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-974 • CWE-787: Out-of-bounds Write
CVE-2024-6431 – Media.net Ads Manager <= 2.10.13 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6431
26 Jul 2024 — This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/media-net-ads-manager/tags/2.10.13/app/admin/MnetAdHandleAjaxCalls.php#L206 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-6818 – IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6818
26 Jul 2024 — IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-970 • CWE-787: Out-of-bounds Write