Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7a1809ef by Salvatore Bonaccorso at 2025-03-20T21:23:08+01:00
Process some CVEs for ollama, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -93,13 +93,13 @@ CVE-2025-0452 (eosphoros-ai/DB-GPT version latest is
vulnerable to arbitrary fil
CVE-2025-0330 (In berriai/litellm version v1.52.1, an issue in proxy_server.py
causes ...)
NOT-FOR-US: berriai/litellm
CVE-2025-0317 (A vulnerability in ollama/ollama versions <=0.3.14 allows a
malicious ...)
- TODO: check
+ - ollama <itp> (bug #1094806)
CVE-2025-0315 (A vulnerability in ollama/ollama <=0.3.14 allows a malicious
user to c ...)
- TODO: check
+ - ollama <itp> (bug #1094806)
CVE-2025-0313 (A vulnerability in ollama/ollama versions <=0.3.14 allows a
malicious ...)
- TODO: check
+ - ollama <itp> (bug #1094806)
CVE-2025-0312 (A vulnerability in ollama/ollama versions <=0.3.14 allows a
malicious ...)
- TODO: check
+ - ollama <itp> (bug #1094806)
CVE-2025-0281 (A stored cross-site scripting (XSS) vulnerability exists in
lunary-ai/ ...)
TODO: check
CVE-2025-0254 (HCL Digital Experience components Ring API and dxclient may be
vulnera ...)
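Review bot: the four ollama entries in this hunk (CVE-2025-0317, CVE-2025-0315, CVE-2025-0313, CVE-2025-0312) move from TODO to `- ollama <itp> (bug #1094806)` without a NOTE line recording the upstream fix, even though each description gives the affected range as <=0.3.14. A NOTE with the upstream fix reference under each entry would let whoever handles the first upload decide whether it is already past that range without triaging these again.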
@@ -287,7 +287,7 @@ CVE-2024-8099 (A Server-Side Request Forgery (SSRF)
vulnerability exists in the
CVE-2024-8065 (A Cross-Site Request Forgery (CSRF) vulnerability in version
v1.4.1 of ...)
TODO: check
CVE-2024-8063 (A divide by zero vulnerability exists in ollama/ollama version
v0.3.3. ...)
- TODO: check
+ - ollama <itp> (bug #1094806)
CVE-2024-8062 (A vulnerability in the typeahead endpoint of h2oai/h2o-3
version 3.46. ...)
TODO: check
CVE-2024-8061 (In version 3.23.0 of aimhubio/aim, certain methods that request
data f ...)
@@ -341,7 +341,7 @@ CVE-2024-7779 (A vulnerability in danswer-ai/danswer
version 1 allows an attacke
CVE-2024-7776 (A vulnerability in the `download_model` function of the
onnx/onnx fram ...)
TODO: check
CVE-2024-7773 (A vulnerability in ollama/ollama version 0.1.37 allows for
remote code ...)
- TODO: check
+ - ollama <itp> (bug #1094806)
CVE-2024-7771 (A vulnerability in the Dockerized version of
mintplex-labs/anything-ll ...)
TODO: check
CVE-2024-7768 (A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3
versio ...)
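Review bot: CVE-2024-7773 is the only entry in this commit whose visible description says remote code execution, and it is recorded exactly like the others with `- ollama <itp> (bug #1094806)`. It would be worth mentioning this CVE in bug #1094806 so the initial upload is checked against version 0.1.37 before the entry is changed from `<itp>` to a fixed version.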
@@ -449,7 +449,7 @@ CVE-2024-12910 (A vulnerability in the
`KnowledgeBaseWebReader` class of the run
CVE-2024-12909 (A vulnerability in the FinanceChatLlamaPack of the
run-llama/llama_ind ...)
TODO: check
CVE-2024-12886 (An Out-Of-Memory (OOM) vulnerability exists in the `ollama`
server ver ...)
- TODO: check
+ - ollama <itp> (bug #1094806)
CVE-2024-12882 (comfyanonymous/comfyui version v0.2.4 suffers from a non-blind
Server- ...)
TODO: check
CVE-2024-12880 (A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0
allows fo ...)
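Review bot: for CVE-2024-12886 the description is cut off at "server ver ...", so the affected version is not visible in the list entry that now carries `- ollama <itp> (bug #1094806)`. Please confirm the affected version from the full CVE text and record it in a NOTE line, since the truncated description alone will not tell the packager which releases are affected.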
@@ -533,7 +533,7 @@ CVE-2024-12065 (A local file inclusion vulnerability exists
in haotian-liu/llava
CVE-2024-12063 (A Denial of Service (DoS) vulnerability exists in the file
upload feat ...)
TODO: check
CVE-2024-12055 (A vulnerability in Ollama versions <=0.3.14 allows a malicious
user to ...)
- TODO: check
+ - ollama <itp> (bug #1094806)
CVE-2024-12048 (An IDOR (Insecure Direct Object Reference) vulnerability
exists in tra ...)
TODO: check
CVE-2024-12044 (A remote code execution vulnerability exists in
open-mmlab/mmdetection ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a1809ef0dcca6c28949cc2c0aa25fa6efce102d