[Git][security-tracker-team/security-tracker][master] Process some CVEs for ollama, itp'ed

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 20 20:23:37 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a1809ef by Salvatore Bonaccorso at 2025-03-20T21:23:08+01:00
Process some CVEs for ollama, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -93,13 +93,13 @@ CVE-2025-0452 (eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary fil
 CVE-2025-0330 (In berriai/litellm version v1.52.1, an issue in proxy_server.py causes ...)
 	NOT-FOR-US: berriai/litellm
 CVE-2025-0317 (A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious  ...)
-	TODO: check
+	- ollama <itp> (bug #1094806)
 CVE-2025-0315 (A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to c ...)
-	TODO: check
+	- ollama <itp> (bug #1094806)
 CVE-2025-0313 (A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious  ...)
-	TODO: check
+	- ollama <itp> (bug #1094806)
 CVE-2025-0312 (A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious  ...)
-	TODO: check
+	- ollama <itp> (bug #1094806)
 CVE-2025-0281 (A stored cross-site scripting (XSS) vulnerability exists in lunary-ai/ ...)
 	TODO: check
 CVE-2025-0254 (HCL Digital Experience components Ring API and dxclient may be vulnera ...)
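Review bot: The four replaced entries (CVE-2025-0317, CVE-2025-0315, CVE-2025-0313, CVE-2025-0312) get only `- ollama <itp> (bug #1094806)`, with no NOTE line recording an upstream fix reference. All four descriptions give the same affected range, <=0.3.14, so a NOTE under each naming the fixing upstream commit or release would let whoever handles the first upload for bug #1094806 convert the itp entries to versioned ones without re-triaging each CVE.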
@@ -287,7 +287,7 @@ CVE-2024-8099 (A Server-Side Request Forgery (SSRF) vulnerability exists in the
 CVE-2024-8065 (A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of ...)
 	TODO: check
 CVE-2024-8063 (A divide by zero vulnerability exists in ollama/ollama version v0.3.3. ...)
-	TODO: check
+	- ollama <itp> (bug #1094806)
 CVE-2024-8062 (A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46. ...)
 	TODO: check
 CVE-2024-8061 (In version 3.23.0 of aimhubio/aim, certain methods that request data f ...)
@@ -341,7 +341,7 @@ CVE-2024-7779 (A vulnerability in danswer-ai/danswer version 1 allows an attacke
 CVE-2024-7776 (A vulnerability in the `download_model` function of the onnx/onnx fram ...)
 	TODO: check
 CVE-2024-7773 (A vulnerability in ollama/ollama version 0.1.37 allows for remote code ...)
-	TODO: check
+	- ollama <itp> (bug #1094806)
 CVE-2024-7771 (A vulnerability in the Dockerized version of mintplex-labs/anything-ll ...)
 	TODO: check
 CVE-2024-7768 (A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 versio ...)
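Review bot: At CVE-2024-7773 the description names a single version, 0.1.37, and not a range, so the entry does not show where the affected versions end. Since this is the remote code execution issue, a NOTE with the first fixed upstream version is worth adding below `- ollama <itp> (bug #1094806)`, so the eventual upload can be marked with a fixed version or as not affected without going back to the advisory.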
@@ -449,7 +449,7 @@ CVE-2024-12910 (A vulnerability in the `KnowledgeBaseWebReader` class of the run
 CVE-2024-12909 (A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_ind ...)
 	TODO: check
 CVE-2024-12886 (An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server ver ...)
-	TODO: check
+	- ollama <itp> (bug #1094806)
 CVE-2024-12882 (comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server- ...)
 	TODO: check
 CVE-2024-12880 (A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows fo ...)
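Review bot: At CVE-2024-12886 the truncated description ends at "server ver", so no affected version is visible in the list entry at all. A NOTE line under `- ollama <itp> (bug #1094806)` stating the affected and fixed upstream versions would keep that information next to the entry for when the ITP is closed.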
@@ -533,7 +533,7 @@ CVE-2024-12065 (A local file inclusion vulnerability exists in haotian-liu/llava
 CVE-2024-12063 (A Denial of Service (DoS) vulnerability exists in the file upload feat ...)
 	TODO: check
 CVE-2024-12055 (A vulnerability in Ollama versions <=0.3.14 allows a malicious user to ...)
-	TODO: check
+	- ollama <itp> (bug #1094806)
 CVE-2024-12048 (An IDOR (Insecure Direct Object Reference) vulnerability exists in tra ...)
 	TODO: check
 CVE-2024-12044 (A remote code execution vulnerability exists in open-mmlab/mmdetection ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a1809ef0dcca6c28949cc2c0aa25fa6efce102d
