[Git][security-tracker-team/security-tracker][master] track ollama ITP
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Feb 2 14:02:17 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e029fae7 by Moritz Mühlenhoff at 2025-02-02T15:01:51+01:00
track ollama ITP
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27259,13 +27259,13 @@ CVE-2024-42835 (langflow v1.0.12 was discovered to contain a remote code executi
CVE-2024-42515 (Glossarizer through 1.5.2 improperly tries to convert text into HTML. ...)
NOT-FOR-US: Glossarizer
CVE-2024-39722 (An issue was discovered in Ollama before 0.1.46. It exposes which file ...)
- NOT-FOR-US: Ollama
+ - ollama <itp> (bug #1094806)
CVE-2024-39721 (An issue was discovered in Ollama before 0.1.34. The CreateModelHandle ...)
- NOT-FOR-US: Ollama
+ - ollama <itp> (bug #1094806)
CVE-2024-39720 (An issue was discovered in Ollama before 0.1.46. An attacker can use t ...)
- NOT-FOR-US: Ollama
+ - ollama <itp> (bug #1094806)
CVE-2024-39719 (An issue was discovered in Ollama through 0.3.14. File existence discl ...)
- NOT-FOR-US: Ollama
+ - ollama <itp> (bug #1094806)
CVE-2024-39332 (Webswing 23.2.2 allows remote attackers to modify client-side JavaScri ...)
NOT-FOR-US: Webswing
CVE-2024-30149 (HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL cert ...)
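Review bot: The CVE-2024-39719 entry in this hunk is described as affecting Ollama "through 0.3.14", unlike its three neighbours, which name a fixed release (before 0.1.46 or before 0.1.34), and the uniform `- ollama <itp> (bug #1094806)` line hides that difference. Consider adding a NOTE line under CVE-2024-39719 saying that the description names no fixed version, so that whoever turns these into versioned entries after the first upload checks that one separately instead of closing all four together.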
@@ -42822,7 +42822,7 @@ CVE-2024-4428 (Improper Privilege Management vulnerability in Menulux Informatio
CVE-2024-45440 (core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (eve ...)
- drupal7 <removed>
CVE-2024-45436 (extractFromZipFile in model.go in Ollama before 0.1.47 can extract mem ...)
- NOT-FOR-US: Ollama
+ - ollama <itp> (bug #1094806)
CVE-2024-45435 (Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend f ...)
NOT-FOR-US: Chartist
CVE-2024-45233 (An issue was discovered in powermail extension through 12.3.5 for TYPO ...)
@@ -65583,7 +65583,7 @@ CVE-2024-4376 (The Premium Addons for Elementor plugin for WordPress is vulnerab
CVE-2024-4205 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2024-37032 (Ollama before 0.1.34 does not validate the format of the digest (sha25 ...)
- NOT-FOR-US: Ollama
+ - ollama <itp> (bug #1094806)
CVE-2024-37018 (The OpenDaylight 0.15.3 controller allows topology poisoning via API r ...)
NOT-FOR-US: OpenDaylight
CVE-2024-37017 (asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-read in ...)
@@ -86380,7 +86380,7 @@ CVE-2024-28732 (An issue was discovered in OFPMatch in parser.py in Faucet SDN R
CVE-2024-28270 (An issue discovered in web-flash v3.0 allows attackers to reset passwo ...)
NOT-FOR-US: web-flash
CVE-2024-28224 (Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadve ...)
- NOT-FOR-US: Ollama
+ - ollama <itp> (bug #1094806)
CVE-2024-28066 (In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a h ...)
NOT-FOR-US: Unify CP IP Phone firmware
CVE-2024-27897 (Input verification vulnerability in the call module. Impact: Successfu ...)
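Review bot: The CVE-2024-28224 change here is the seventh `NOT-FOR-US: Ollama` line retagged by this commit, spread over four distant regions of data/CVE/list, and nothing in the commit message says how the set was collected. Please confirm that a search of the file for "Ollama" leaves no remaining NOT-FOR-US entries, and consider putting the ITP bug number (#1094806) in the commit message so the change can be found from the bug.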
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e029fae7dbc4495dd6cca4abfef3dccf934a71aa