9.8
CVE-2024-41117 - Remote code execution in streamlit geospatial in pages/10_π_Earth_Engine_Datasets.py
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 115 in `pages/10_π_Earth_Engine_Datasets.py` takes user input, which is later used in the `eval()` function on line 126, leadingβ¦
9.8
CVE-2024-41116 - Remote code execution in streamlit geospatial in pages/1_π·_Timelapse.py MODIS Ocean Color SMI optioβ¦
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 1254 in `pages/1_π·_Timelapse.py` takes user input, which is later used in the `eval()` function on line 1345, leading to remote β¦
9.8
CVE-2024-41115 - Remote code execution in streamlit geospatial in pages/1_π·_Timelapse.py MODIS Ocean Color SMI optioβ¦
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 488 in `pages/1_π·_Timelapse.py` takes user input, which is later used in the `eval()` function on line 493, leading to remote code β¦
9.8
CVE-2024-41114 - Remote code execution in streamlit geospatial in pages/1_π·_Timelapse.py MODIS Gap filled Land Surfaβ¦
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 430 in `pages/1_π·_Timelapse.py` takes user input, which is later used in the `eval()` function on line 435, leading to remote code β¦
9.8
CVE-2024-41113 - Remote code execution in streamlit geospatial in pages/1_π·_Timelapse.py Any Earth Engine ImageColleβ¦
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 383 or line 390 in `pages/1_π·_Timelapse.py` takes user input, which is later used in the `eval()` function on line 395, leading β¦
9.8
CVE-2024-41112 - Remote code execution in streamlit geospatial in pages/1_π·_Timelapse.py Any Earth Engine ImageColleβ¦
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in `pages/1_π·_Timelapse.py` takes user input, which is later used in the `eval()` function on line 380, leading to remote code execution. Comβ¦
2.8
CVE-2024-4786 -
An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a specially crafted application to keep the device on.
7.2
CVE-2024-38512 -
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
7.2
CVE-2024-38511 -
A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
7.2
CVE-2024-38510 -
A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.