CVE-2024-41113 – Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option vis_params
https://notcve.org/view.php?id=CVE-2024-41113
26 Jul 2024 — Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 383 or line 390 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 395, leading to remote code execution. • https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L383-L388 • CWE-20: Improper Input Validation
CVE-2024-41112 – Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option palette
https://notcve.org/view.php?id=CVE-2024-41112
26 Jul 2024 — Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 380, leading to remote code execution. • https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L373-L376 • CWE-20: Improper Input Validation
CVE-2024-38509
https://notcve.org/view.php?id=CVE-2024-38509
26 Jul 2024 — A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command. • https://support.lenovo.com/us/en/product_security/LEN-156781 • CWE-121: Stack-based Buffer Overflow
CVE-2024-6816 – IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6816
26 Jul 2024 — IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attack... • https://www.zerodayinitiative.com/advisories/ZDI-24-968 • CWE-122: Heap-based Buffer Overflow
CVE-2024-6822 – IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6822
26 Jul 2024 — IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacker can ... • https://www.zerodayinitiative.com/advisories/ZDI-24-974 • CWE-787: Out-of-bounds Write
CVE-2024-6431 – Media.net Ads Manager <= 2.10.13 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6431
26 Jul 2024 — This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/media-net-ads-manager/tags/2.10.13/app/admin/MnetAdHandleAjaxCalls.php#L206 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-6818 – IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6818
26 Jul 2024 — IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacker can ... • https://www.zerodayinitiative.com/advisories/ZDI-24-970 • CWE-787: Out-of-bounds Write
CVE-2024-6815 – IrfanView RLE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6815
26 Jul 2024 — IrfanView RLE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacker can ... • https://www.zerodayinitiative.com/advisories/ZDI-24-967 • CWE-787: Out-of-bounds Write
CVE-2024-6820 – IrfanView AWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6820
26 Jul 2024 — IrfanView AWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacker can ... • https://www.zerodayinitiative.com/advisories/ZDI-24-972 • CWE-787: Out-of-bounds Write
CVE-2024-6821 – IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6821
26 Jul 2024 — IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacker can ... • https://www.zerodayinitiative.com/advisories/ZDI-24-973 • CWE-787: Out-of-bounds Write