3975 matches found
CVE-2024-6825 Remote Code Execution in BerriAI/litellm
BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'postcallrules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function...
CVE-2024-6825
CVE-2024-6825 affects litellm 1.40.12. The vulnerability lies in how the post_call_rules configuration is parsed: a callback can be set to a system method (for example os.system), with the final part treated as the function name and the rest imported as a Python module, enabling arbitrary command...
ptp: Ensure info->enable callback is always set
...
CVE-2024-11283
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wpajaxgoogleapilogincallback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to...
powerpc/pseries/vas: Add close() callback in vas_vm_ops struct
...
VulnCheck KEV: CVE-2024-9593
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 for Time Clock and 1.1.4 for Time Clock Pro via the 'etimeclockwploadfunctioncallback' function. This allows unauthenticated attackers to execute...
PYSEC-2025-189
A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler.callendcallbacksonjitfut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launch...
UBUNTU-CVE-2025-2148
A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler.callendcallbacksonjitfut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launch...
NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
...
SUSE CVE-2024-58077
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use socpcmret on .prepare callback commit 1f5664351410 "ASoC: lower "no backend DAIs enabled for ... Port" log severity" ignores -EINVAL error message on common socpcmret. It is used from many functions,...
CVE-2024-58077
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use socpcmret on .prepare callback commit 1f5664351410 "ASoC: lower "no backend DAIs enabled for ... Port" log severity" ignores -EINVAL error message on common socpcmret. It is used from many functions,...
DEBIAN-CVE-2024-58077
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use socpcmret on .prepare callback commit 1f5664351410 "ASoC: lower "no backend DAIs enabled for ... Port" log severity" ignores -EINVAL error message on common socpcmret. It is used from many functions,...
CVE-2024-58077
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use socpcmret on .prepare callback commit 1f5664351410 "ASoC: lower "no backend DAIs enabled for ... Port" log severity" ignores -EINVAL error message on common socpcmret. It is used from many functions,...
CVE-2024-58077 ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use socpcmret on .prepare callback commit 1f5664351410 "ASoC: lower "no backend DAIs enabled for ... Port" log severity" ignores -EINVAL error message on common socpcmret. It is used from many functions,...
CVE-2024-58077 ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use socpcmret on .prepare callback commit 1f5664351410 "ASoC: lower "no backend DAIs enabled for ... Port" log severity" ignores -EINVAL error message on common socpcmret. It is used from many functions,...
CVE-2024-58077
CVE-2024-58077 affects the Linux kernel ASoC: soc-pcm path. The root cause is invoking soc_pcm_ret() on the .prepare callback, which previously ignored -EINVAL to avoid user-space DoS via logs. The fix changes behavior to stop using soc_pcm_ret() in the .prepare callback, addressing the invalid-p...
Important: amazon-cloudwatch-agent
Issue Overview: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that socpcmret should not be used in the .prepare callback, which could lead to error logging...
Important: amazon-cloudwatch-agent
Issue Overview: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...
Important: amazon-cloudwatch-agent
Issue Overview: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...