Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
45953fa9 by Salvatore Bonaccorso at 2025-03-20T22:01:11+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -121,7 +121,7 @@ CVE-2025-0188 (A Server-Side Request Forgery (SSRF)
vulnerability was discovered
CVE-2025-0187 (A Denial of Service (DoS) vulnerability was discovered in the
file upl ...)
NOT-FOR-US: Gradio
CVE-2025-0185 (A vulnerability in the Dify Tools' Vanna module of the
langgenius/dify ...)
- TODO: check
+ NOT-FOR-US: langgenius/dify
CVE-2025-0184 (A Server-Side Request Forgery (SSRF) vulnerability was
identified in l ...)
NOT-FOR-US: langgenius/dify
CVE-2025-0183 (A stored cross-site scripting (XSS) vulnerability exists in the
Latex ...)
@@ -154,19 +154,19 @@ CVE-2024-9612 (In danswer-ai/danswer v0.3.94,
administrators can set the visibil
CVE-2024-9606 (In berriai/litellm before version 1.44.12, the
`litellm/litellm_core_u ...)
NOT-FOR-US: berriai/litellm
CVE-2024-9597 (A Path Traversal vulnerability exists in the `/wipe_database`
endpoint ...)
- TODO: check
+ NOT-FOR-US: parisneo/lollms
CVE-2024-9447 (An information disclosure vulnerability exists in the latest
version o ...)
- TODO: check
+ NOT-FOR-US: transformeroptimus/superagi
CVE-2024-9439 (SuperAGI is vulnerable to remote code execution in the latest
version. ...)
- TODO: check
+ NOT-FOR-US: transformeroptimus/superagi
CVE-2024-9437 (SuperAGI version v0.0.14 is vulnerable to an unauthenticated
Denial of ...)
- TODO: check
+ NOT-FOR-US: transformeroptimus/superagi
CVE-2024-9431 (In version v0.0.14 of transformeroptimus/superagi, there is an
imprope ...)
- TODO: check
+ NOT-FOR-US: transformeroptimus/superagi
CVE-2024-9418 (In version 0.0.14 of transformeroptimus/superagi, the API
endpoint `/a ...)
- TODO: check
+ NOT-FOR-US: transformeroptimus/superagi
CVE-2024-9415 (A Path Traversal vulnerability exists in the file upload
functionality ...)
- TODO: check
+ NOT-FOR-US: transformeroptimus/superagi
CVE-2024-9365 (A Cross-Site Request Forgery (CSRF) vulnerability in
polyaxon/polyaxon ...)
TODO: check
CVE-2024-9363 (An unauthorized file deletion vulnerability exists in the
latest versi ...)
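Review bot: the tag added for CVE-2024-9597 reads `NOT-FOR-US: parisneo/lollms`, whereas the other lollms entries processed in this commit (CVE-2024-8898, CVE-2024-8736, CVE-2024-8581) are tagged `parisneo/lollms-webui`; if the `/wipe_database` endpoint belongs to the webui project, the tag should match so that a later grep for that upstream finds every entry, and if it is genuinely a separate repository a short comment saying so would save the next triager from re-checking.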
@@ -174,123 +174,123 @@ CVE-2024-9363 (An unauthorized file deletion
vulnerability exists in the latest
CVE-2024-9362 (An unauthenticated directory traversal vulnerability exists in
Polyaxo ...)
TODO: check
CVE-2024-9340 (A Denial of Service (DoS) vulnerability in zenml-io/zenml
version 0.66 ...)
- TODO: check
+ NOT-FOR-US: zenml-io/zenml
CVE-2024-9311 (A Cross-Site Request Forgery (CSRF) vulnerability in
haotian-liu/llava ...)
- TODO: check
+ NOT-FOR-US: haotian-liu/llava
CVE-2024-9309 (A Server-Side Request Forgery (SSRF) vulnerability exists in
the POST ...)
- TODO: check
+ NOT-FOR-US: haotian-liu/llava
CVE-2024-9308 (An open redirect vulnerability in haotian-liu/llava version
v1.2.0 (LL ...)
- TODO: check
+ NOT-FOR-US: haotian-liu/llava
CVE-2024-9229 (A Denial of Service (DoS) vulnerability in the file upload
feature of ...)
- TODO: check
+ NOT-FOR-US: stangirard/quivr
CVE-2024-9216 (An authentication bypass vulnerability exists in
gaizhenbiao/ChuanhuCh ...)
- TODO: check
+ NOT-FOR-US: gaizhenbiao/ChuanhuChatGPT
CVE-2024-9159 (An incorrect authorization vulnerability exists in
gaizhenbiao/chuanhu ...)
- TODO: check
+ NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
CVE-2024-9107 (A stored cross-site scripting (XSS) vulnerability exists in the
gaizhe ...)
- TODO: check
+ NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
CVE-2024-9099 (In lunary-ai/lunary version v1.4.29, the GET /projects API
endpoint ex ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-9098 (In lunary-ai/lunary before version 1.4.30, a privilege
escalation vuln ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-9096 (In lunary-ai/lunary version 1.4.28, the /checklists/:id route
allows l ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-9095 (In lunary-ai/lunary version v1.4.28, the /bigquery API route
lacks pro ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-9070 (A deserialization vulnerability exists in BentoML's runner
server in b ...)
- TODO: check
+ NOT-FOR-US: bentoml/bentoml
CVE-2024-9056 (BentoML version v1.3.4post1 is vulnerable to a Denial of
Service (DoS) ...)
- TODO: check
+ NOT-FOR-US: bentoml/bentoml
CVE-2024-9053 (vllm-project vllm version 0.6.0 contains a vulnerability in the
AsyncE ...)
- TODO: check
+ NOT-FOR-US: vllm
CVE-2024-9052 (vllm-project vllm version 0.6.0 contains a vulnerability in the
distri ...)
- TODO: check
+ NOT-FOR-US: vllm
CVE-2024-9016 (man-group dtale version <= 3.13.1 contains a vulnerability
where the q ...)
TODO: check
CVE-2024-9000 (In lunary-ai/lunary before version 1.4.26, the
checklists.post() endpo ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-8999 (lunary-ai/lunary version v1.4.25 contains an improper access
control v ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-8998 (A Regular Expression Denial of Service (ReDoS) vulnerability
exists in ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-8984 (A Denial of Service (DoS) vulnerability exists in
berriai/litellm vers ...)
- TODO: check
+ NOT-FOR-US: berriai/litellm
CVE-2024-8982 (A Local File Inclusion (LFI) vulnerability in OpenLLM version
0.6.10 a ...)
- TODO: check
+ NOT-FOR-US: OpenLLM
CVE-2024-8966 (A vulnerability in the file upload process of gradio-app/gradio
versio ...)
- TODO: check
+ NOT-FOR-US: Gradio
CVE-2024-8958 (In composiohq/composio version 0.4.3, there is an unrestricted
file wr ...)
- TODO: check
+ NOT-FOR-US: composiohq/composio
CVE-2024-8955 (A Server-Side Request Forgery (SSRF) vulnerability exists in
composioh ...)
- TODO: check
+ NOT-FOR-US: composiohq/composio
CVE-2024-8954 (In composiohq/composio version 0.5.10, the API does not
validate the ` ...)
- TODO: check
+ NOT-FOR-US: composiohq/composio
CVE-2024-8953 (In composiohq/composio version 0.4.3, the
mathematical_calculator endp ...)
- TODO: check
+ NOT-FOR-US: composiohq/composio
CVE-2024-8952 (A Server-Side Request Forgery (SSRF) vulnerability exists in
composioh ...)
- TODO: check
+ NOT-FOR-US: composiohq/composio
CVE-2024-8898 (A path traversal vulnerability exists in the `install` and
`uninstall` ...)
- TODO: check
+ NOT-FOR-US: parisneo/lollms-webui
CVE-2024-8859 (A path traversal vulnerability exists in mlflow/mlflow version
2.15.1. ...)
- TODO: check
+ NOT-FOR-US: mlflow
CVE-2024-8789 (Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular
Expres ...)
- TODO: check
+ NOT-FOR-US: Lunary-ai/lunary
CVE-2024-8769 (A vulnerability in the `LockManager.release_locks` function in
aimhubi ...)
- TODO: check
+ NOT-FOR-US: aimhubio/aim
CVE-2024-8765 (In lunary-ai/lunary, the privilege check mechanism is flawed in
versio ...)
- TODO: check
+ NOT-FOR-US: Lunary-ai/lunary
CVE-2024-8764 (A vulnerability in lunary-ai/lunary, as of commit be54057,
allows user ...)
- TODO: check
+ NOT-FOR-US: Lunary-ai/lunary
CVE-2024-8763 (A Regular Expression Denial of Service (ReDoS) vulnerability
exists in ...)
- TODO: check
+ NOT-FOR-US: Lunary-ai/lunary
CVE-2024-8736 (A Denial of Service (DoS) vulnerability exists in multiple file
upload ...)
- TODO: check
+ NOT-FOR-US: parisneo/lollms-webui
CVE-2024-8616 (In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json`
endpoint a ...)
TODO: check
CVE-2024-8613 (A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802
allows ...)
- TODO: check
+ NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
CVE-2024-8581 (A vulnerability in the `upload_app` function of
parisneo/lollms-webui ...)
- TODO: check
+ NOT-FOR-US: parisneo/lollms-webui
CVE-2024-8556 (A stored cross-site scripting (XSS) vulnerability exists in
modelscope ...)
- TODO: check
+ NOT-FOR-US: modelscope/agentscope
CVE-2024-8551 (A path traversal vulnerability exists in the save-workflow and
load-wo ...)
- TODO: check
+ NOT-FOR-US: modelscope/agentscope
CVE-2024-8537 (A path traversal vulnerability exists in the
modelscope/agentscope app ...)
- TODO: check
+ NOT-FOR-US: modelscope/agentscope
CVE-2024-8524 (A directory traversal vulnerability exists in
modelscope/agentscope ve ...)
- TODO: check
+ NOT-FOR-US: modelscope/agentscope
CVE-2024-8502 (A vulnerability in the RpcAgentServerLauncher class of
modelscope/agen ...)
- TODO: check
+ NOT-FOR-US: modelscope/agentscope
CVE-2024-8501 (An arbitrary file download vulnerability exists in the
rpc_agent_clien ...)
- TODO: check
+ NOT-FOR-US: modelscope/agentscope
CVE-2024-8489 (A vulnerability in modelscope/agentscope, specifically in the
AgentSco ...)
TODO: check
CVE-2024-8487 (A Cross-Origin Resource Sharing (CORS) vulnerability exists in
modelsc ...)
- TODO: check
+ NOT-FOR-US: modelscope/agentscope
CVE-2024-8438 (A path traversal vulnerability exists in modelscope/agentscope
version ...)
- TODO: check
+ NOT-FOR-US: modelscope/agentscope
CVE-2024-8400 (A stored cross-site scripting (XSS) vulnerability exists in the
latest ...)
- TODO: check
+ NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
CVE-2024-8251 (A vulnerability in mintplex-labs/anything-llm prior to version
1.2.2 a ...)
- TODO: check
+ NOT-FOR-US: mintplex-labs/anything-llm
CVE-2024-8249 (mintplex-labs/anything-llm version git 6dc3642 contains an
unauthentic ...)
- TODO: check
+ NOT-FOR-US: mintplex-labs/anything-llm
CVE-2024-8248 (A vulnerability in the normalizePath function in
mintplex-labs/anythin ...)
- TODO: check
+ NOT-FOR-US: mintplex-labs/anything-llm
CVE-2024-8238 (In version 3.22.0 of aimhubio/aim, the AimQL query language
uses an ou ...)
- TODO: check
+ NOT-FOR-US: aimhubio/aim
CVE-2024-8196 (In mintplex-labs/anything-llm v1.5.11 desktop version for
Windows, the ...)
- TODO: check
+ NOT-FOR-US: mintplex-labs/anything-llm
CVE-2024-8183 (A CORS (Cross-Origin Resource Sharing) misconfiguration in
prefecthq/p ...)
TODO: check
CVE-2024-8156 (A command injection vulnerability exists in the
workflow-checker.yml w ...)
- TODO: check
+ NOT-FOR-US: significant-gravitas/autogpt
CVE-2024-8101 (A stored cross-site scripting (XSS) vulnerability exists in the
Text E ...)
- TODO: check
+ NOT-FOR-US: aimhubio/aim
CVE-2024-8099 (A Server-Side Request Forgery (SSRF) vulnerability exists in
the lates ...)
- TODO: check
+ NOT-FOR-US: vanna-ai/vanna
CVE-2024-8065 (A Cross-Site Request Forgery (CSRF) vulnerability in version
v1.4.1 of ...)
- TODO: check
+ NOT-FOR-US: danswer-ai/danswer
CVE-2024-8063 (A divide by zero vulnerability exists in ollama/ollama version
v0.3.3. ...)
- ollama <itp> (bug #1094806)
CVE-2024-8062 (A vulnerability in the typeahead endpoint of h2oai/h2o-3
version 3.46. ...)
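Review bot: the NOT-FOR-US tags added in this hunk spell the same upstream in more than one way, which makes the file harder to search when one of these projects is later packaged: lunary appears as `lunary-ai/lunary` (CVE-2024-9099, CVE-2024-9098, CVE-2024-9096, CVE-2024-9095, CVE-2024-9000, CVE-2024-8999, CVE-2024-8998) and as `Lunary-ai/lunary` (CVE-2024-8789, CVE-2024-8765, CVE-2024-8764, CVE-2024-8763), and chuanhuchatgpt as `gaizhenbiao/ChuanhuChatGPT` (CVE-2024-9216) and `gaizhenbiao/chuanhuchatgpt` (CVE-2024-9159, CVE-2024-9107, CVE-2024-8613, CVE-2024-8400). Suggest normalising to the lowercase owner/repo form used by the majority of entries, e.g. `NOT-FOR-US: lunary-ai/lunary`.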
@@ -298,17 +298,17 @@ CVE-2024-8062 (A vulnerability in the typeahead endpoint
of h2oai/h2o-3 version
CVE-2024-8061 (In version 3.23.0 of aimhubio/aim, certain methods that request
data f ...)
TODO: check
CVE-2024-8060 (OpenWebUI version 0.3.0 contains a vulnerability in the audio
API endp ...)
- TODO: check
+ NOT-FOR-US: OpenWebUI
CVE-2024-8057 (In version 0.4.1 of danswer-ai/danswer, a vulnerability exists
where a ...)
- TODO: check
+ NOT-FOR-US: danswer-ai/danswer
CVE-2024-8055 (Vanna v0.6.3 is vulnerable to SQL injection via Snowflake
database in ...)
- TODO: check
+ NOT-FOR-US: Vanna
CVE-2024-8053 (In version v0.3.10 of open-webui/open-webui, the
`api/v1/utils/pdf` en ...)
- TODO: check
+ NOT-FOR-US: open-webui/open-webui
CVE-2024-8029 (An XSS vulnerability was discovered in the upload file(s)
process of i ...)
- TODO: check
+ NOT-FOR-US: imartinez/privategpt
CVE-2024-8028 (A vulnerability in danswer-ai/danswer v0.3.94 allows an
attacker to ca ...)
- TODO: check
+ NOT-FOR-US: danswer-ai/danswer
CVE-2024-8027 (A stored Cross-Site Scripting (XSS) vulnerability exists in
netease-yo ...)
TODO: check
CVE-2024-8026 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the
backen ...)
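Review bot: two of the new tags in this hunk name the same upstream differently: CVE-2024-8060 gets `NOT-FOR-US: OpenWebUI` while CVE-2024-8053 gets `NOT-FOR-US: open-webui/open-webui`, and CVE-2024-8055 gets `NOT-FOR-US: Vanna` whereas CVE-2024-8099 earlier in this commit uses `vanna-ai/vanna`. One canonical spelling per project keeps a later search for all entries of that upstream complete; the owner/repo form already used for the other entries is the safer choice.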
@@ -316,7 +316,7 @@ CVE-2024-8026 (A Cross-Site Request Forgery (CSRF)
vulnerability exists in the b
CVE-2024-8024 (A CORS misconfiguration vulnerability exists in
netease-youdao/qanythi ...)
TODO: check
CVE-2024-8021 (An open redirect vulnerability exists in the latest version of
gradio- ...)
- TODO: check
+ NOT-FOR-US: Gradio
CVE-2024-8020 (A vulnerability in lightning-ai/pytorch-lightning version 2.3.2
allows ...)
TODO: check
CVE-2024-8019 (In lightning-ai/pytorch-lightning version 2.3.2, a
vulnerability exist ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45953fa9286eb51b7faa3b2a1a9a71092725b7f6
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits