Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
707bd0ba by Salvatore Bonaccorso at 2025-03-20T22:04:52+01:00
Associate some CVEs with vllm, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -202,9 +202,9 @@ CVE-2024-9070 (A deserialization vulnerability exists in
BentoML's runner server
CVE-2024-9056 (BentoML version v1.3.4post1 is vulnerable to a Denial of
Service (DoS) ...)
NOT-FOR-US: bentoml/bentoml
CVE-2024-9053 (vllm-project vllm version 0.6.0 contains a vulnerability in the
AsyncE ...)
- NOT-FOR-US: vllm
+ - vllm <itp> (bug #1095237)
CVE-2024-9052 (vllm-project vllm version 0.6.0 contains a vulnerability in the
distri ...)
- NOT-FOR-US: vllm
+ - vllm <itp> (bug #1095237)
CVE-2024-9016 (man-group dtale version <= 3.13.1 contains a vulnerability
where the q ...)
TODO: check
CVE-2024-9000 (In lunary-ai/lunary before version 1.4.26, the
checklists.post() endpo ...)
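Review bot: the two removed lines in this hunk spell the marker `NOT-FOR-US: vllm` in lowercase, while the lines removed in the other hunks of this commit use `NOT-FOR-US: vLLM`, so a case-sensitive search of data/CVE/list for leftover entries would miss one of the two spellings. The commit message says "some CVEs"; a case-insensitive search for the NOT-FOR-US marker would confirm whether any vllm entries remain untracked.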
@@ -849,9 +849,9 @@ CVE-2025-29925 (XWiki Platform is a generic wiki platform.
Prior to 15.10.14, 16
CVE-2025-29924 (XWiki Platform is a generic wiki platform. Prior to 15.10.14,
16.4.6, ...)
NOT-FOR-US: XWiki
CVE-2025-29783 (vLLM is a high-throughput and memory-efficient inference and
serving e ...)
- NOT-FOR-US: vLLM
+ - vllm <itp> (bug #1095237)
CVE-2025-29770 (vLLM is a high-throughput and memory-efficient inference and
serving e ...)
- NOT-FOR-US: vLLM
+ - vllm <itp> (bug #1095237)
CVE-2025-29405 (An arbitrary file upload vulnerability in the component
/admin/templat ...)
NOT-FOR-US: emlog pro
CVE-2025-29401 (An arbitrary file upload vulnerability in the component
/views/plugin. ...)
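Review bot: CVE-2025-29783 and CVE-2025-29770 show the same truncated description here, and the added `- vllm <itp> (bug #1095237)` lines give nothing that tells the two issues apart. A NOTE line under each with the upstream advisory or fix reference would save whoever triages them after the package is uploaded from looking both up again.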
@@ -14121,7 +14121,7 @@ CVE-2024-55272 (An issue in Brainasoft Braina v2.8
allows a remote attacker to o
CVE-2024-55215 (An issue in trojan v.2.0.0 through v.2.15.3 allows a remote
attacker t ...)
NOT-FOR-US: trojan
CVE-2025-25183 (vLLM is a high-throughput and memory-efficient inference and
serving e ...)
- NOT-FOR-US: vLLM
+ - vllm <itp> (bug #1095237)
CVE-2025-25168 (Cross-Site Request Forgery (CSRF) vulnerability in
blackandwhitedigita ...)
NOT-FOR-US: WordPress plugin
CVE-2025-25167 (Missing Authorization vulnerability in blackandwhitedigital
BookPress ...)
@@ -17004,7 +17004,7 @@ CVE-2025-24365 (vaultwarden is an unofficial Bitwarden
compatible server written
CVE-2025-24364 (vaultwarden is an unofficial Bitwarden compatible server
written in Ru ...)
- vaultwarden <itp> (bug #1067023)
CVE-2025-24357 (vLLM is a library for LLM inference and serving.
vllm/model_executor/w ...)
- NOT-FOR-US: vLLM
+ - vllm <itp> (bug #1095237)
CVE-2025-24354 (imgproxy is server for resizing, processing, and converting
images. Im ...)
NOT-FOR-US: imgproxy
CVE-2025-23982 (Missing Authorization vulnerability in Marian Kanev Cab fare
calculato ...)
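Review bot: the added line for CVE-2025-24357 follows the same form as the `- vaultwarden <itp> (bug #1067023)` context line above it, but the name changes from `vLLM` in the removed line to lowercase `vllm`. Worth confirming that `vllm` is the source package name used in bug #1095237, so the entry lines up with the package once it is uploaded.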
@@ -55349,7 +55349,7 @@ CVE-2024-6482 (The Login with phone number plugin for
WordPress is vulnerable to
CVE-2023-3410 (The Bricks theme for WordPress is vulnerable to Stored
Cross-Site Scri ...)
NOT-FOR-US: WordPress theme
CVE-2024-8768 (A flaw was found in the vLLM library. A completions API request
with a ...)
- NOT-FOR-US: vLLM
+ - vllm <itp> (bug #1095237)
CVE-2024-8797 (The WP Booking System \u2013 Booking Calendar plugin for
WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2024-8775 (A flaw was found in Ansible, where sensitive information stored
in Ans ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/707bd0ba56b4cf80edfa86486bb803c458aec2bb