[Git][security-tracker-team/security-tracker][master] track ollama ITP

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Feb 2 14:02:17 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e029fae7 by Moritz Mühlenhoff at 2025-02-02T15:01:51+01:00
track ollama ITP

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27259,13 +27259,13 @@ CVE-2024-42835 (langflow v1.0.12 was discovered to contain a remote code executi
 CVE-2024-42515 (Glossarizer through 1.5.2 improperly tries to convert text into HTML.  ...)
 	NOT-FOR-US: Glossarizer
 CVE-2024-39722 (An issue was discovered in Ollama before 0.1.46. It exposes which file ...)
-	NOT-FOR-US: Ollama
+	- ollama <itp> (bug #1094806)
 CVE-2024-39721 (An issue was discovered in Ollama before 0.1.34. The CreateModelHandle ...)
-	NOT-FOR-US: Ollama
+	- ollama <itp> (bug #1094806)
 CVE-2024-39720 (An issue was discovered in Ollama before 0.1.46. An attacker can use t ...)
-	NOT-FOR-US: Ollama
+	- ollama <itp> (bug #1094806)
 CVE-2024-39719 (An issue was discovered in Ollama through 0.3.14. File existence discl ...)
-	NOT-FOR-US: Ollama
+	- ollama <itp> (bug #1094806)
 CVE-2024-39332 (Webswing 23.2.2 allows remote attackers to modify client-side JavaScri ...)
 	NOT-FOR-US: Webswing
 CVE-2024-30149 (HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL cert ...)
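Review bot: The four Ollama entries changed in this hunk state different upstream bounds in their descriptions ("before 0.1.46", "before 0.1.34", "through 0.3.14"), but all now share the same `- ollama <itp> (bug #1094806)` line, so the per-CVE fixed versions will have to be filled in individually when the package is first uploaded. CVE-2024-39719 is the one to watch: its visible description says "through 0.3.14" and names no fixed release, so consider adding a NOTE: line under it recording the upstream fix status, so that the initial upload version is checked against it rather than assumed fixed.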
@@ -42822,7 +42822,7 @@ CVE-2024-4428 (Improper Privilege Management vulnerability in Menulux Informatio
 CVE-2024-45440 (core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (eve ...)
 	- drupal7 <removed>
 CVE-2024-45436 (extractFromZipFile in model.go in Ollama before 0.1.47 can extract mem ...)
-	NOT-FOR-US: Ollama
+	- ollama <itp> (bug #1094806)
 CVE-2024-45435 (Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend f ...)
 	NOT-FOR-US: Chartist
 CVE-2024-45233 (An issue was discovered in powermail extension through 12.3.5 for TYPO ...)
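Review bot: CVE-2024-45436 at the changed line is described as affecting Ollama "before 0.1.47", the highest "before" bound among the Ollama entries touched by this patch. A NOTE: line here pointing at the upstream fix for extractFromZipFile in model.go would let whoever closes bug #1094806 confirm that the first uploaded version includes it.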
@@ -65583,7 +65583,7 @@ CVE-2024-4376 (The Premium Addons for Elementor plugin for WordPress is vulnerab
 CVE-2024-4205 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-37032 (Ollama before 0.1.34 does not validate the format of the digest (sha25 ...)
-	NOT-FOR-US: Ollama
+	- ollama <itp> (bug #1094806)
 CVE-2024-37018 (The OpenDaylight 0.15.3 controller allows topology poisoning via API r ...)
 	NOT-FOR-US: OpenDaylight
 CVE-2024-37017 (asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-read in  ...)
@@ -86380,7 +86380,7 @@ CVE-2024-28732 (An issue was discovered in OFPMatch in parser.py in Faucet SDN R
 CVE-2024-28270 (An issue discovered in web-flash v3.0 allows attackers to reset passwo ...)
 	NOT-FOR-US: web-flash
 CVE-2024-28224 (Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadve ...)
-	NOT-FOR-US: Ollama
+	- ollama <itp> (bug #1094806)
 CVE-2024-28066 (In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a h ...)
 	NOT-FOR-US: Unify CP IP Phone firmware
 CVE-2024-27897 (Input verification vulnerability in the call module. Impact: Successfu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e029fae7dbc4495dd6cca4abfef3dccf934a71aa
