Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29eb0986 by Salvatore Bonaccorso at 2025-03-20T22:32:30+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -168,11 +168,11 @@ CVE-2024-9418 (In version 0.0.14 of 
transformeroptimus/superagi, the API endpoin
 CVE-2024-9415 (A Path Traversal vulnerability exists in the file upload 
functionality ...)
        NOT-FOR-US: transformeroptimus/superagi
 CVE-2024-9365 (A Cross-Site Request Forgery (CSRF) vulnerability in 
polyaxon/polyaxon ...)
-       TODO: check
+       NOT-FOR-US: polyaxon/polyaxon
 CVE-2024-9363 (An unauthorized file deletion vulnerability exists in the 
latest versi ...)
-       TODO: check
+       NOT-FOR-US: polyaxon/polyaxon
 CVE-2024-9362 (An unauthenticated directory traversal vulnerability exists in 
Polyaxo ...)
-       TODO: check
+       NOT-FOR-US: polyaxon/polyaxon
 CVE-2024-9340 (A Denial of Service (DoS) vulnerability in zenml-io/zenml 
version 0.66 ...)
        NOT-FOR-US: zenml-io/zenml
 CVE-2024-9311 (A Cross-Site Request Forgery (CSRF) vulnerability in 
haotian-liu/llava ...)
@@ -206,7 +206,7 @@ CVE-2024-9053 (vllm-project vllm version 0.6.0 contains a 
vulnerability in the A
 CVE-2024-9052 (vllm-project vllm version 0.6.0 contains a vulnerability in the 
distri ...)
        - vllm <itp> (bug #1095237)
 CVE-2024-9016 (man-group dtale version <= 3.13.1 contains a vulnerability 
where the q ...)
-       TODO: check
+       NOT-FOR-US: man-group/dtale
 CVE-2024-9000 (In lunary-ai/lunary before version 1.4.26, the 
checklists.post() endpo ...)
        NOT-FOR-US: lunary-ai/lunary
 CVE-2024-8999 (lunary-ai/lunary version v1.4.25 contains an improper access 
control v ...)
@@ -264,7 +264,7 @@ CVE-2024-8502 (A vulnerability in the 
RpcAgentServerLauncher class of modelscope
 CVE-2024-8501 (An arbitrary file download vulnerability exists in the 
rpc_agent_clien ...)
        NOT-FOR-US: modelscope/agentscope
 CVE-2024-8489 (A vulnerability in modelscope/agentscope, specifically in the 
AgentSco ...)
-       TODO: check
+       NOT-FOR-US: modelscope/agentscope
 CVE-2024-8487 (A Cross-Origin Resource Sharing (CORS) vulnerability exists in 
modelsc ...)
        NOT-FOR-US: modelscope/agentscope
 CVE-2024-8438 (A path traversal vulnerability exists in modelscope/agentscope 
version ...)
@@ -322,27 +322,27 @@ CVE-2024-8020 (A vulnerability in 
lightning-ai/pytorch-lightning version 2.3.2 a
 CVE-2024-8019 (In lightning-ai/pytorch-lightning version 2.3.2, a 
vulnerability exist ...)
        TODO: check
 CVE-2024-8018 (A vulnerability in imartinez/privategpt version 0.5.0 allows 
for a Den ...)
-       TODO: check
+       NOT-FOR-US: imartinez/privategpt
 CVE-2024-8017 (An XSS vulnerability exists in open-webui/open-webui versions 
<= 0.3.8 ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-7999 (A vulnerability in open-webui/open-webui version 79778fa allows 
an att ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-7990 (A stored cross-site scripting (XSS) vulnerability exists in 
open-webui ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-7983 (In version 0.3.8 of open-webui, an endpoint for converting 
markdown to ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-7959 (The `/openai/models` endpoint in open-webui/open-webui version 
0.3.8 i ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-7957 (An arbitrary file overwrite vulnerability exists in the 
ZulipConnector ...)
-       TODO: check
+       NOT-FOR-US: danswer-ai/danswer
 CVE-2024-7819 (A CORS misconfiguration in danswer-ai/danswer v1.4.1 allows 
attackers  ...)
-       TODO: check
+       NOT-FOR-US: danswer-ai/danswer
 CVE-2024-7806 (A vulnerability in open-webui/open-webui versions <= 0.3.8 
allows remo ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-7804 (A deserialization vulnerability exists in the Pytorch RPC 
framework (t ...)
        TODO: check
 CVE-2024-7779 (A vulnerability in danswer-ai/danswer version 1 allows an 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: danswer-ai/danswer
 CVE-2024-7776 (A vulnerability in the `download_model` function of the 
onnx/onnx fram ...)
        TODO: check
 CVE-2024-7773 (A vulnerability in ollama/ollama version 0.1.37 allows for 
remote code ...)
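Review bot: CVE-2024-7957 is marked NOT-FOR-US: danswer-ai/danswer, but the truncated description shown in this hunk names only the ZulipConnector and not the product, so the attribution cannot be checked from the list entry alone. Worth confirming it against the full CVE text, since the surrounding danswer entries (CVE-2024-7819, CVE-2024-7779) name the project explicitly and this one does not.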
@@ -352,45 +352,45 @@ CVE-2024-7771 (A vulnerability in the Dockerized version 
of mintplex-labs/anythi
 CVE-2024-7768 (A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 
versio ...)
        TODO: check
 CVE-2024-7767 (An improper access control vulnerability exists in 
danswer-ai/danswer  ...)
-       TODO: check
+       NOT-FOR-US: danswer-ai/danswer
 CVE-2024-7765 (In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where 
uploadin ...)
        TODO: check
 CVE-2024-7764 (Vanna-ai v0.6.2 is vulnerable to SQL Injection due to 
insufficient pro ...)
-       TODO: check
+       NOT-FOR-US: Vanna-ai
 CVE-2024-7760 (aimhubio/aim version 3.22.0 contains a Cross-Site Request 
Forgery (CSR ...)
-       TODO: check
+       NOT-FOR-US: aimhubio/aim
 CVE-2024-7598 (A security issue was discovered in Kubernetes where a malicious 
or com ...)
        TODO: check
 CVE-2024-7476 (A broken access control vulnerability exists in 
lunary-ai/lunary versi ...)
-       TODO: check
+       NOT-FOR-US: lunary-ai/lunary
 CVE-2024-7058 (A vulnerability in the sanitize_path function in 
parisneo/lollms-webui ...)
-       TODO: check
+       NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-7053 (A vulnerability in open-webui/open-webui version 0.3.8 allows 
an attac ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-7046 (An improper access control vulnerability in 
open-webui/open-webui v0.3 ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-7045 (In version v0.3.8 of open-webui/open-webui, improper access 
control vu ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-7044 (A Stored Cross-Site Scripting (XSS) vulnerability exists in the 
chat f ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-7043 (An improper access control vulnerability in 
open-webui/open-webui v0.3 ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-7040 (In version v0.3.8 of open-webui/open-webui, there is an 
improper acces ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-7039 (In open-webui/open-webui version v0.3.8, there is an improper 
privileg ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-7036 (A vulnerability in open-webui/open-webui v0.3.8 allows an 
unauthentica ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-7035 (In version v0.3.8 of open-webui/open-webui, sensitive actions 
such as  ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-7034 (In open-webui version 0.3.8, the endpoint `/models/upload` is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-7033 (In version 0.3.8 of open-webui/open-webui, an arbitrary file 
write vul ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-6986 (A Cross-site Scripting (XSS) vulnerability exists in the 
Settings page ...)
-       TODO: check
+       NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-6982 (A remote code execution vulnerability exists in the Calculate 
function ...)
-       TODO: check
+       NOT-FOR-US: parisneo/lollms
 CVE-2024-6866 (corydolphin/flask-cors version 4.01 contains a vulnerability 
where the ...)
        TODO: check
 CVE-2024-6863 (In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom 
Encryptio ...)
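Review bot: The label on CVE-2024-7764 is written as Vanna-ai, while every other entry changed in this hunk uses the owner/repo form (danswer-ai/danswer, aimhubio/aim, lunary-ai/lunary, open-webui/open-webui). One spelling per project keeps the list greppable, so it would help to settle on a single form for this project and use the same one wherever it appears. Separately, CVE-2024-6982 is labelled parisneo/lollms whereas CVE-2024-7058 and CVE-2024-6986 in the same hunk use parisneo/lollms-webui. If the distinction is deliberate that is fine, otherwise align them.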
@@ -398,31 +398,31 @@ CVE-2024-6863 (In h2oai/h2o-3 version 3.46.0, an endpoint 
exposing a custom Encr
 CVE-2024-6854 (In h2oai/h2o-3 version 3.46.0, the endpoint for exporting 
models does  ...)
        TODO: check
 CVE-2024-6851 (In version 3.22.0 of aimhubio/aim, the 
LocalFileManager._cleanup funct ...)
-       TODO: check
+       NOT-FOR-US: aimhubio/aim
 CVE-2024-6844 (A vulnerability in corydolphin/flask-cors version 4.0.1 allows 
for inc ...)
        TODO: check
 CVE-2024-6842 (In version 1.5.5 of mintplex-labs/anything-llm, the 
`/setup-complete`  ...)
-       TODO: check
+       NOT-FOR-US: mintplex-labs/anything-llm
 CVE-2024-6841 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
latest ...)
-       TODO: check
+       NOT-FOR-US: Vanna-ai
 CVE-2024-6839 (corydolphin/flask-cors version 4.0.1 contains an improper regex 
path m ...)
        TODO: check
 CVE-2024-6838 (In mlflow/mlflow version v2.13.2, a vulnerability exists that 
allows t ...)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2024-6829 (A vulnerability in aimhubio/aim version 3.19.3 allows an 
attacker to e ...)
-       TODO: check
+       NOT-FOR-US: aimhubio/aim
 CVE-2024-6827 (Gunicorn version 21.2.0 does not properly validate the value of 
the 'T ...)
        TODO: check
 CVE-2024-6825 (BerriAI/litellm version 1.40.12 contains a vulnerability that 
allows r ...)
-       TODO: check
+       NOT-FOR-US: BerriAI/litellm
 CVE-2024-6583 (A path traversal vulnerability exists in the latest version of 
stangir ...)
-       TODO: check
+       NOT-FOR-US: stangirard/quivr
 CVE-2024-6577 (In the latest version of pytorch/serve, the script 
'upload_results_to_ ...)
        TODO: check
 CVE-2024-6483 (A vulnerability in the `runs/delete-batch` endpoint of 
aimhubio/aim ve ...)
-       TODO: check
+       NOT-FOR-US: aimhubio/aim
 CVE-2024-5752 (A path traversal vulnerability exists in stitionai/devika, 
specificall ...)
-       TODO: check
+       NOT-FOR-US: stitionai/devika
 CVE-2024-57440 (D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer 
Overflo ...)
        NOT-FOR-US: D-Link
 CVE-2024-4990 (In yiisoft/yii2 version 2.0.48, the base Component class 
contains a vu ...)
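Review bot: CVE-2024-6838 is labelled NOT-FOR-US: mlflow although its description reads mlflow/mlflow and most other additions in this hunk keep the owner/repo form (aimhubio/aim, mintplex-labs/anything-llm, BerriAI/litellm, stangirard/quivr, stitionai/devika). Suggest NOT-FOR-US: mlflow/mlflow for consistency. CVE-2024-6841 is assigned to Vanna-ai, but the visible description ("exists in the latest ...") does not name the product, so that attribution should be checked against the full CVE text.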
@@ -430,9 +430,9 @@ CVE-2024-4990 (In yiisoft/yii2 version 2.0.48, the base 
Component class contains
 CVE-2024-4023 (A stored cross-site scripting (XSS) vulnerability exists in 
flatpressb ...)
        TODO: check
 CVE-2024-48591 (Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site 
Scripting (XSS) ...)
-       TODO: check
+       NOT-FOR-US: Inflectra SpiraTeam
 CVE-2024-48590 (Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side 
Request Forger ...)
-       TODO: check
+       NOT-FOR-US: Inflectra SpiraTeam
 CVE-2024-2292 (Due to a lack of access control, unauthorized users are able to 
view a ...)
        TODO: check
 CVE-2024-13923 (The Order Export & Order Import for WooCommerce plugin for 
WordPress i ...)
@@ -448,181 +448,181 @@ CVE-2024-13558 (The NP Quote Request for WooCommerce 
plugin for WordPress is vul
 CVE-2024-13060 (A vulnerability in AnythingLLM Docker version 1.3.1 allows 
users with  ...)
        TODO: check
 CVE-2024-12911 (A vulnerability in the `default_jsonalyzer` function of the 
`JSONalyze ...)
-       TODO: check
+       NOT-FOR-US: run-llama/llama_index
 CVE-2024-12910 (A vulnerability in the `KnowledgeBaseWebReader` class of the 
run-llama ...)
-       TODO: check
+       NOT-FOR-US: run-llama/llama_index
 CVE-2024-12909 (A vulnerability in the FinanceChatLlamaPack of the 
run-llama/llama_ind ...)
-       TODO: check
+       NOT-FOR-US: run-llama/llama_index
 CVE-2024-12886 (An Out-Of-Memory (OOM) vulnerability exists in the `ollama` 
server ver ...)
        - ollama <itp> (bug #1094806)
 CVE-2024-12882 (comfyanonymous/comfyui version v0.2.4 suffers from a non-blind 
Server- ...)
-       TODO: check
+       NOT-FOR-US: comfyanonymous/comfyui
 CVE-2024-12880 (A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 
allows fo ...)
-       TODO: check
+       NOT-FOR-US: infiniflow/ragflow
 CVE-2024-12871 (An XSS vulnerability in infiniflow/ragflow version 0.12.0 
allows an at ...)
-       TODO: check
+       NOT-FOR-US: infiniflow/ragflow
 CVE-2024-12870 (A stored cross-site scripting (XSS) vulnerability exists in 
infiniflow ...)
-       TODO: check
+       NOT-FOR-US: infiniflow/ragflow
 CVE-2024-12869 (In infiniflow/ragflow version v0.12.0, there is an improper 
authentica ...)
-       TODO: check
+       NOT-FOR-US: infiniflow/ragflow
 CVE-2024-12868 (In version 0.3.32 of open-webui, the application uses a 
vulnerable ver ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-12866 (A local file inclusion vulnerability exists in 
netease-youdao/qanythin ...)
        TODO: check
 CVE-2024-12864 (A Denial of Service (DoS) vulnerability was discovered in the 
file upl ...)
        TODO: check
 CVE-2024-12779 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
infiniflo ...)
-       TODO: check
+       NOT-FOR-US: infiniflow/ragflow
 CVE-2024-12778 (A vulnerability in aimhubio/aim version 3.25.0 allows for a 
denial of  ...)
-       TODO: check
+       NOT-FOR-US: aimhubio/aim
 CVE-2024-12777 (A vulnerability in aimhubio/aim version 3.25.0 allows for a 
denial of  ...)
-       TODO: check
+       NOT-FOR-US: aimhubio/aim
 CVE-2024-12776 (In langgenius/dify v0.10.1, the `/forgot-password/resets` 
endpoint doe ...)
-       TODO: check
+       NOT-FOR-US: langgenius/dify
 CVE-2024-12775 (langgenius/dify version 0.10.1 contains a Server-Side Request 
Forgery  ...)
-       TODO: check
+       NOT-FOR-US: langgenius/dify
 CVE-2024-12766 (parisneo/lollms-webui version V13 (feather) suffers from a 
Server-Side ...)
-       TODO: check
+       NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-12761 (A Denial of Service (DoS) vulnerability exists in the 
brycedrennan/ima ...)
-       TODO: check
+       NOT-FOR-US: brycedrennan/imaginairy
 CVE-2024-12760 (An open redirect vulnerability in bentoml/bentoml v1.3.9 
allows a remo ...)
-       TODO: check
+       NOT-FOR-US: bentoml/bentoml
 CVE-2024-12759 (In bentoml/bentoml version 1.3.9, the `/login` endpoint of the 
newly i ...)
-       TODO: check
+       NOT-FOR-US: bentoml/bentoml
 CVE-2024-12720 (A Regular Expression Denial of Service (ReDoS) vulnerability 
was ident ...)
        TODO: check
 CVE-2024-12704 (A vulnerability in the LangChainLLM class of the 
run-llama/llama_index ...)
        TODO: check
 CVE-2024-12580 (A vulnerability in danny-avila/librechat prior to version 
0.7.6 allows ...)
-       TODO: check
+       NOT-FOR-US: danny-avila/librechat
 CVE-2024-12537 (In version 0.3.32 of open-webui/open-webui, the absence of 
authenticat ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-12534 (In version v0.3.32 of open-webui/open-webui, the application 
allows us ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-12450 (In infiniflow/ragflow versions 0.12.0, the `web_crawl` 
function in `do ...)
-       TODO: check
+       NOT-FOR-US: infiniflow/ragflow
 CVE-2024-12433 (A vulnerability in infiniflow/ragflow versions v0.12.0 allows 
for remo ...)
-       TODO: check
+       NOT-FOR-US: infiniflow/ragflow
 CVE-2024-12392 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
binary-hu ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-12391 (A vulnerability in binary-husky/gpt_academic, as of commit 
310122f, al ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-12390 (A vulnerability in binary-husky/gpt_academic version git 
310122f allow ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-12389 (A path traversal vulnerability exists in 
binary-husky/gpt_academic ver ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-12388 (A vulnerability in binary-husky/gpt_academic version 310122f 
allows fo ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-12387 (A vulnerability in the binary-husky/gpt_academic repository, 
as of com ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-12376 (A Server-Side Request Forgery (SSRF) vulnerability was 
identified in t ...)
-       TODO: check
+       NOT-FOR-US: lm-sys/fastchat
 CVE-2024-12375 (A local file inclusion vulnerability was identified in 
automatic1111/s ...)
-       TODO: check
+       NOT-FOR-US: automatic1111/stable-diffusion-webui
 CVE-2024-12374 (A stored cross-site scripting (XSS) vulnerability exists in 
automatic1 ...)
-       TODO: check
+       NOT-FOR-US: automatic1111/stable-diffusion-webui
 CVE-2024-12217 (A vulnerability in the gradio-app/gradio repository, version 
git 67e40 ...)
-       TODO: check
+       NOT-FOR-US: Gradio
 CVE-2024-12216 (A vulnerability in the `ImageClassificationDataset.from_csv()` 
API of  ...)
        TODO: check
 CVE-2024-12215 (In kedro-org/kedro version 0.19.8, the `pull_package()` API 
function a ...)
        TODO: check
 CVE-2024-12074 (A Denial of Service (DoS) vulnerability was discovered in the 
file upl ...)
-       TODO: check
+       NOT-FOR-US: automatic1111/stable-diffusion-webui
 CVE-2024-12070 (A Denial of Service (DoS) vulnerability exists in the file 
upload feat ...)
-       TODO: check
+       NOT-FOR-US: haotian-liu/llava
 CVE-2024-12068 (A Server-Side Request Forgery (SSRF) vulnerability was 
discovered in h ...)
-       TODO: check
+       NOT-FOR-US: haotian-liu/llava
 CVE-2024-12065 (A local file inclusion vulnerability exists in 
haotian-liu/llava at co ...)
-       TODO: check
+       NOT-FOR-US: haotian-liu/llava
 CVE-2024-12063 (A Denial of Service (DoS) vulnerability exists in the file 
upload feat ...)
-       TODO: check
+       NOT-FOR-US: imartinez/privategpt
 CVE-2024-12055 (A vulnerability in Ollama versions <=0.3.14 allows a malicious 
user to ...)
        - ollama <itp> (bug #1094806)
 CVE-2024-12048 (An IDOR (Insecure Direct Object Reference) vulnerability 
exists in tra ...)
-       TODO: check
+       NOT-FOR-US: transformeroptimus/superagi
 CVE-2024-12044 (A remote code execution vulnerability exists in 
open-mmlab/mmdetection ...)
-       TODO: check
+       NOT-FOR-US: open-mmlab/mmdetection
 CVE-2024-12039 (langgenius/dify version v0.10.1 contains a vulnerability where 
there a ...)
-       TODO: check
+       NOT-FOR-US: langgenius/dify
 CVE-2024-12029 (A remote code execution vulnerability exists in 
invoke-ai/invokeai ver ...)
-       TODO: check
+       NOT-FOR-US: invoke-ai/invokeai
 CVE-2024-11958 (A SQL injection vulnerability exists in the `duckdb_retriever` 
compone ...)
-       TODO: check
+       NOT-FOR-US: run-llama/llama_index
 CVE-2024-11850 (A stored cross-site scripting (XSS) vulnerability exists in 
the latest ...)
-       TODO: check
+       NOT-FOR-US: langgenius/dify
 CVE-2024-11824 (A stored cross-site scripting (XSS) vulnerability exists in 
langgenius ...)
-       TODO: check
+       NOT-FOR-US: langgenius/dify
 CVE-2024-11822 (langgenius/dify version 0.9.1 contains a Server-Side Request 
Forgery ( ...)
-       TODO: check
+       NOT-FOR-US: langgenius/dify
 CVE-2024-11821 (A privilege escalation vulnerability exists in langgenius/dify 
version ...)
-       TODO: check
+       NOT-FOR-US: langgenius/dify
 CVE-2024-11603 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
lm-sys/fa ...)
-       TODO: check
+       NOT-FOR-US: lm-sys/fastchat
 CVE-2024-11602 (A Cross-Origin Resource Sharing (CORS) vulnerability exists in 
feast-d ...)
        TODO: check
 CVE-2024-11449 (A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) 
allows  ...)
-       TODO: check
+       NOT-FOR-US: haotian-liu/llava
 CVE-2024-11441 (A stored cross-site scripting (XSS) vulnerability exists in 
Serge vers ...)
-       TODO: check
+       NOT-FOR-US: Serge
 CVE-2024-11302 (A missing check_access() function in the lollms_binding_infos 
module o ...)
        TODO: check
 CVE-2024-11301 (In lunary-ai/lunary before version 1.6.3, the application 
allows the c ...)
-       TODO: check
+       NOT-FOR-US: lunary-ai/lunary
 CVE-2024-11300 (In lunary-ai/lunary before version 1.6.3, an improper access 
control v ...)
-       TODO: check
+       NOT-FOR-US: lunary-ai/lunary
 CVE-2024-11173 (An unhandled exception in the danny-avila/librechat 
repository, versio ...)
-       TODO: check
+       NOT-FOR-US: danny-avila/librechat
 CVE-2024-11172 (A vulnerability in danny-avila/librechat version git a1647d7 
allows an ...)
-       TODO: check
+       NOT-FOR-US: danny-avila/librechat
 CVE-2024-11171 (In danny-avila/librechat version git 0c2a583, there is an 
improper inp ...)
-       TODO: check
+       NOT-FOR-US: danny-avila/librechat
 CVE-2024-11170 (A vulnerability in danny-avila/librechat version git 81f2936 
allows fo ...)
-       TODO: check
+       NOT-FOR-US: danny-avila/librechat
 CVE-2024-11169 (An unhandled exception in danny-avila/librechat version 
3c94ff2 can le ...)
-       TODO: check
+       NOT-FOR-US: danny-avila/librechat
 CVE-2024-11167 (An improper access control vulnerability in 
danny-avila/librechat vers ...)
-       TODO: check
+       NOT-FOR-US: danny-avila/librechat
 CVE-2024-11137 (An Insecure Direct Object Reference (IDOR) vulnerability 
exists in the ...)
-       TODO: check
+       NOT-FOR-US: lunary-ai/lunary
 CVE-2024-11045 (A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in 
automatic111 ...)
-       TODO: check
+       NOT-FOR-US: automatic1111/stable-diffusion-webui
 CVE-2024-11044 (An open redirect vulnerability in 
automatic1111/stable-diffusion-webui ...)
-       TODO: check
+       NOT-FOR-US: automatic1111/stable-diffusion-webui
 CVE-2024-11043 (A Denial of Service (DoS) vulnerability was discovered in the 
/api/v1/ ...)
-       TODO: check
+       NOT-FOR-US: invoke-ai/invokeai
 CVE-2024-11042 (In invoke-ai/invokeai version v5.0.2, the web API `POST 
/api/v1/images ...)
-       TODO: check
+       NOT-FOR-US: invoke-ai/invokeai
 CVE-2024-11041 (vllm-project vllm version v0.6.2 contains a vulnerability in 
the Messa ...)
        - vllm <itp> (bug #1095237)
 CVE-2024-11040 (vllm-project vllm version 0.5.2.2 is vulnerable to Denial of 
Service a ...)
        - vllm <itp> (bug #1095237)
 CVE-2024-11039 (A pickle deserialization vulnerability exists in the Latex 
English err ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-11037 (A path traversal vulnerability exists in 
binary-husky/gpt_academic at  ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-11033 (A Denial of Service (DoS) vulnerability exists in the file 
upload feat ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-11031 (In version 3.83 of binary-husky/gpt_academic, a Server-Side 
Request Fo ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-11030 (GPT Academic version 3.83 is vulnerable to a Server-Side 
Request Forge ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10986 (GPT Academic version 3.83 is vulnerable to a Local File Read 
(LFI) vul ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10956 (GPT Academy version 3.83 in the binary-husky/gpt_academic 
repository i ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10955 (A Regular Expression Denial of Service (ReDoS) vulnerability 
exists in ...)
-       TODO: check
+       NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
 CVE-2024-10954 (In the `manim` plugin of binary-husky/gpt_academic, versions 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10950 (In binary-husky/gpt_academic version <= 3.83, the plugin 
`CodeInterpre ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10948 (A vulnerability in the upload function of 
binary-husky/gpt_academic al ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10940 (A vulnerability in langchain-core versions >=0.1.17,<0.1.53, 
>=0.2.0,< ...)
        TODO: check
 CVE-2024-10935 (automatic1111/stable-diffusion-webui version 1.10.0 contains a 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: automatic1111/stable-diffusion-webui
 CVE-2024-10912 (A Denial of Service (DoS) vulnerability exists in the file 
upload feat ...)
        TODO: check
 CVE-2024-10908 (An open redirect vulnerability in lm-sys/fastchat Release 
v0.2.36 allo ...)
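Review bot: CVE-2024-12704 (LangChainLLM class of run-llama/llama_index) stays at TODO: check while CVE-2024-12911, CVE-2024-12910, CVE-2024-12909 and CVE-2024-11958 for the same project are set to NOT-FOR-US: run-llama/llama_index in this hunk. Either mark it the same way or note why it is held back, otherwise the project ends up with two different states in the list. On naming, CVE-2024-12217 uses Gradio where the description says gradio-app/gradio, and CVE-2024-11441 uses Serge, while the rest of the hunk uses owner/repo labels. Finally, CVE-2024-12074, CVE-2024-12070 and CVE-2024-12063 share the same truncated "file upload" description yet are assigned to three different projects, so those three attributions cannot be checked from the list entries alone and deserve a second look against the full CVE text.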



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29eb098655c1bbc4cee2f0fbc886f1b6147273c7



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
