CVE-2024-45201

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...

PYSEC-2024-192

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...

SUSE CVE-2024-43869

In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching event release. In the case of a child event, released via freeevent directly, this can potentially result in a leaked...

CVE-2024-45201

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...

LlamaIndex 安全漏洞

LlamaIndex is a data framework for LLM applications open-sourced by LlamaIndex. A security vulnerability exists in LlamaIndex versions prior to 0.10.38, which stems from a risky exec call to download/integration.py...

CVE-2024-45201

The CVE describes a code-injection style issue in llama_index prior to 0.10.38. The vulnerability resides in download/integration.py, where an exec call uses a parameter cls_name (import {cls_name}), allowing an attacker-controlled input to run arbitrary code. Impacted software: llama_index (vers...

AZL-48495 CVE-2024-43882 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

DEBIAN-CVE-2024-43882

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

CVE-2024-43882

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

DEBIAN-CVE-2024-43869

In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching event release. In the case of a child event, released via freeevent directly, this can potentially result in a leaked...

UBUNTU-CVE-2024-43869

In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching event release. In the case of a child event, released via freeevent directly, this can potentially result in a leaked...

UBUNTU-CVE-2024-43882

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

CVE-2024-43882 exec: Fix ToCToU between perm check and set-uid/gid usage

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

CVE-2024-43882 exec: Fix ToCToU between perm check and set-uid/gid usage

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

CVE-2024-43882

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

CVE-2024-43869 perf: Fix event leak upon exec and file release

In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching event release. In the case of a child event, released via freeevent directly, this can potentially result in a leaked...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an event leak in the perf subsystem during exec and file release...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a ToCToU issue in the exec component when setting uid/gid...

PT-2024-38272 · Unknown · Youdiancms

Name of the Vulnerable Software and Affected Versions: YouDianCMS version 7 Description: A critical issue has been found, affecting the curl exec function in the file /App/Core/Extend/Function/ydLib.php. The manipulation of the url argument leads to server-side request forgery. This issue can be...

PT-2024-37975 · Unknown · Form Tools

Name of the Vulnerable Software and Affected Versions: Form Tools version 3.1.1 Description: A problematic issue was found in the Import Option List component, specifically affecting the curl exec function in the /admin/forms/option lists/edit.php file. The manipulation of the url argument leads ...