[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 20 21:01:42 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
45953fa9 by Salvatore Bonaccorso at 2025-03-20T22:01:11+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -121,7 +121,7 @@ CVE-2025-0188 (A Server-Side Request Forgery (SSRF) vulnerability was discovered
 CVE-2025-0187 (A Denial of Service (DoS) vulnerability was discovered in the file upl ...)
 	NOT-FOR-US: Gradio
 CVE-2025-0185 (A vulnerability in the Dify Tools' Vanna module of the langgenius/dify ...)
-	TODO: check
+	NOT-FOR-US: langgenius/dify
 CVE-2025-0184 (A Server-Side Request Forgery (SSRF) vulnerability was identified in l ...)
 	NOT-FOR-US: langgenius/dify
 CVE-2025-0183 (A stored cross-site scripting (XSS) vulnerability exists in the Latex  ...)
@@ -154,19 +154,19 @@ CVE-2024-9612 (In danswer-ai/danswer v0.3.94, administrators can set the visibil
 CVE-2024-9606 (In berriai/litellm before version 1.44.12, the `litellm/litellm_core_u ...)
 	NOT-FOR-US: berriai/litellm
 CVE-2024-9597 (A Path Traversal vulnerability exists in the `/wipe_database` endpoint ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms
 CVE-2024-9447 (An information disclosure vulnerability exists in the latest version o ...)
-	TODO: check
+	NOT-FOR-US: transformeroptimus/superagi
 CVE-2024-9439 (SuperAGI is vulnerable to remote code execution in the latest version. ...)
-	TODO: check
+	NOT-FOR-US: transformeroptimus/superagi
 CVE-2024-9437 (SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of ...)
-	TODO: check
+	NOT-FOR-US: transformeroptimus/superagi
 CVE-2024-9431 (In version v0.0.14 of transformeroptimus/superagi, there is an imprope ...)
-	TODO: check
+	NOT-FOR-US: transformeroptimus/superagi
 CVE-2024-9418 (In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/a ...)
-	TODO: check
+	NOT-FOR-US: transformeroptimus/superagi
 CVE-2024-9415 (A Path Traversal vulnerability exists in the file upload functionality ...)
-	TODO: check
+	NOT-FOR-US: transformeroptimus/superagi
 CVE-2024-9365 (A Cross-Site Request Forgery (CSRF) vulnerability in polyaxon/polyaxon ...)
 	TODO: check
 CVE-2024-9363 (An unauthorized file deletion vulnerability exists in the latest versi ...)
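Review bot: the upstream string for CVE-2024-9597 is `parisneo/lollms`, while the other parisneo entries processed in this same commit (CVE-2024-8898, CVE-2024-8736, CVE-2024-8581) use `parisneo/lollms-webui`; if the `/wipe_database` endpoint lives in the same webui codebase, use one spelling so a grep for the project finds every entry, otherwise a short note saying it is the core library would avoid a later "fix". The polyaxon entries (CVE-2024-9365, CVE-2024-9363) are left at `TODO: check` here, presumably on purpose since they are not NFU candidates yet.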
@@ -174,123 +174,123 @@ CVE-2024-9363 (An unauthorized file deletion vulnerability exists in the latest
 CVE-2024-9362 (An unauthenticated directory traversal vulnerability exists in Polyaxo ...)
 	TODO: check
 CVE-2024-9340 (A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66 ...)
-	TODO: check
+	NOT-FOR-US: zenml-io/zenml
 CVE-2024-9311 (A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava ...)
-	TODO: check
+	NOT-FOR-US: haotian-liu/llava
 CVE-2024-9309 (A Server-Side Request Forgery (SSRF) vulnerability exists in the POST  ...)
-	TODO: check
+	NOT-FOR-US: haotian-liu/llava
 CVE-2024-9308 (An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LL ...)
-	TODO: check
+	NOT-FOR-US: haotian-liu/llava
 CVE-2024-9229 (A Denial of Service (DoS) vulnerability in the file upload feature of  ...)
-	TODO: check
+	NOT-FOR-US: stangirard/quivr
 CVE-2024-9216 (An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuCh ...)
-	TODO: check
+	NOT-FOR-US: gaizhenbiao/ChuanhuChatGPT
 CVE-2024-9159 (An incorrect authorization vulnerability exists in gaizhenbiao/chuanhu ...)
-	TODO: check
+	NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
 CVE-2024-9107 (A stored cross-site scripting (XSS) vulnerability exists in the gaizhe ...)
-	TODO: check
+	NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
 CVE-2024-9099 (In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint ex ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-9098 (In lunary-ai/lunary before version 1.4.30, a privilege escalation vuln ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-9096 (In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows l ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-9095 (In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks pro ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-9070 (A deserialization vulnerability exists in BentoML's runner server in b ...)
-	TODO: check
+	NOT-FOR-US: bentoml/bentoml
 CVE-2024-9056 (BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) ...)
-	TODO: check
+	NOT-FOR-US: bentoml/bentoml
 CVE-2024-9053 (vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncE ...)
-	TODO: check
+	NOT-FOR-US: vllm
 CVE-2024-9052 (vllm-project vllm version 0.6.0 contains a vulnerability in the distri ...)
-	TODO: check
+	NOT-FOR-US: vllm
 CVE-2024-9016 (man-group dtale version <= 3.13.1 contains a vulnerability where the q ...)
 	TODO: check
 CVE-2024-9000 (In lunary-ai/lunary before version 1.4.26, the checklists.post() endpo ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-8999 (lunary-ai/lunary version v1.4.25 contains an improper access control v ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-8998 (A Regular Expression Denial of Service (ReDoS) vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-8984 (A Denial of Service (DoS) vulnerability exists in berriai/litellm vers ...)
-	TODO: check
+	NOT-FOR-US: berriai/litellm
 CVE-2024-8982 (A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 a ...)
-	TODO: check
+	NOT-FOR-US: OpenLLM
 CVE-2024-8966 (A vulnerability in the file upload process of gradio-app/gradio versio ...)
-	TODO: check
+	NOT-FOR-US: Gradio
 CVE-2024-8958 (In composiohq/composio version 0.4.3, there is an unrestricted file wr ...)
-	TODO: check
+	NOT-FOR-US: composiohq/composio
 CVE-2024-8955 (A Server-Side Request Forgery (SSRF) vulnerability exists in composioh ...)
-	TODO: check
+	NOT-FOR-US: composiohq/composio
 CVE-2024-8954 (In composiohq/composio version 0.5.10, the API does not validate the ` ...)
-	TODO: check
+	NOT-FOR-US: composiohq/composio
 CVE-2024-8953 (In composiohq/composio version 0.4.3, the mathematical_calculator endp ...)
-	TODO: check
+	NOT-FOR-US: composiohq/composio
 CVE-2024-8952 (A Server-Side Request Forgery (SSRF) vulnerability exists in composioh ...)
-	TODO: check
+	NOT-FOR-US: composiohq/composio
 CVE-2024-8898 (A path traversal vulnerability exists in the `install` and `uninstall` ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-8859 (A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2024-8789 (Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expres ...)
-	TODO: check
+	NOT-FOR-US: Lunary-ai/lunary
 CVE-2024-8769 (A vulnerability in the `LockManager.release_locks` function in aimhubi ...)
-	TODO: check
+	NOT-FOR-US: aimhubio/aim
 CVE-2024-8765 (In lunary-ai/lunary, the privilege check mechanism is flawed in versio ...)
-	TODO: check
+	NOT-FOR-US: Lunary-ai/lunary
 CVE-2024-8764 (A vulnerability in lunary-ai/lunary, as of commit be54057, allows user ...)
-	TODO: check
+	NOT-FOR-US: Lunary-ai/lunary
 CVE-2024-8763 (A Regular Expression Denial of Service (ReDoS) vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: Lunary-ai/lunary
 CVE-2024-8736 (A Denial of Service (DoS) vulnerability exists in multiple file upload ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-8616 (In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json` endpoint a ...)
 	TODO: check
 CVE-2024-8613 (A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows  ...)
-	TODO: check
+	NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
 CVE-2024-8581 (A vulnerability in the `upload_app` function of parisneo/lollms-webui  ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-8556 (A stored cross-site scripting (XSS) vulnerability exists in modelscope ...)
-	TODO: check
+	NOT-FOR-US: modelscope/agentscope
 CVE-2024-8551 (A path traversal vulnerability exists in the save-workflow and load-wo ...)
-	TODO: check
+	NOT-FOR-US: modelscope/agentscope
 CVE-2024-8537 (A path traversal vulnerability exists in the modelscope/agentscope app ...)
-	TODO: check
+	NOT-FOR-US: modelscope/agentscope
 CVE-2024-8524 (A directory traversal vulnerability exists in modelscope/agentscope ve ...)
-	TODO: check
+	NOT-FOR-US: modelscope/agentscope
 CVE-2024-8502 (A vulnerability in the RpcAgentServerLauncher class of modelscope/agen ...)
-	TODO: check
+	NOT-FOR-US: modelscope/agentscope
 CVE-2024-8501 (An arbitrary file download vulnerability exists in the rpc_agent_clien ...)
-	TODO: check
+	NOT-FOR-US: modelscope/agentscope
 CVE-2024-8489 (A vulnerability in modelscope/agentscope, specifically in the AgentSco ...)
 	TODO: check
 CVE-2024-8487 (A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelsc ...)
-	TODO: check
+	NOT-FOR-US: modelscope/agentscope
 CVE-2024-8438 (A path traversal vulnerability exists in modelscope/agentscope version ...)
-	TODO: check
+	NOT-FOR-US: modelscope/agentscope
 CVE-2024-8400 (A stored cross-site scripting (XSS) vulnerability exists in the latest ...)
-	TODO: check
+	NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
 CVE-2024-8251 (A vulnerability in mintplex-labs/anything-llm prior to version 1.2.2 a ...)
-	TODO: check
+	NOT-FOR-US: mintplex-labs/anything-llm
 CVE-2024-8249 (mintplex-labs/anything-llm version git 6dc3642 contains an unauthentic ...)
-	TODO: check
+	NOT-FOR-US: mintplex-labs/anything-llm
 CVE-2024-8248 (A vulnerability in the normalizePath function in mintplex-labs/anythin ...)
-	TODO: check
+	NOT-FOR-US: mintplex-labs/anything-llm
 CVE-2024-8238 (In version 3.22.0 of aimhubio/aim, the AimQL query language uses an ou ...)
-	TODO: check
+	NOT-FOR-US: aimhubio/aim
 CVE-2024-8196 (In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the ...)
-	TODO: check
+	NOT-FOR-US: mintplex-labs/anything-llm
 CVE-2024-8183 (A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/p ...)
 	TODO: check
 CVE-2024-8156 (A command injection vulnerability exists in the workflow-checker.yml w ...)
-	TODO: check
+	NOT-FOR-US: significant-gravitas/autogpt
 CVE-2024-8101 (A stored cross-site scripting (XSS) vulnerability exists in the Text E ...)
-	TODO: check
+	NOT-FOR-US: aimhubio/aim
 CVE-2024-8099 (A Server-Side Request Forgery (SSRF) vulnerability exists in the lates ...)
-	TODO: check
+	NOT-FOR-US: vanna-ai/vanna
 CVE-2024-8065 (A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of ...)
-	TODO: check
+	NOT-FOR-US: danswer-ai/danswer
 CVE-2024-8063 (A divide by zero vulnerability exists in ollama/ollama version v0.3.3. ...)
 	- ollama <itp> (bug #1094806)
 CVE-2024-8062 (A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46. ...)
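Review bot: the NOT-FOR-US project strings are inconsistent within this hunk, which hurts grepping and any later batch reclassification: `gaizhenbiao/ChuanhuChatGPT` (CVE-2024-9216) beside `gaizhenbiao/chuanhuchatgpt` (CVE-2024-9159, CVE-2024-9107, CVE-2024-8613, CVE-2024-8400), `lunary-ai/lunary` (CVE-2024-9099 and following) beside `Lunary-ai/lunary` (CVE-2024-8789, CVE-2024-8765, CVE-2024-8764, CVE-2024-8763), and bare `vllm`, `OpenLLM` and `mlflow` next to owner/repo forms for the other upstreams. Suggest one form per upstream, e.g. `NOT-FOR-US: lunary-ai/lunary` throughout. Separately, CVE-2024-8489 stays at `TODO: check` while every other modelscope/agentscope entry in the hunk is marked NOT-FOR-US; if that is deliberate a one-line note would help, otherwise it reads as a missed entry.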
@@ -298,17 +298,17 @@ CVE-2024-8062 (A vulnerability in the typeahead endpoint of h2oai/h2o-3 version
 CVE-2024-8061 (In version 3.23.0 of aimhubio/aim, certain methods that request data f ...)
 	TODO: check
 CVE-2024-8060 (OpenWebUI version 0.3.0 contains a vulnerability in the audio API endp ...)
-	TODO: check
+	NOT-FOR-US: OpenWebUI
 CVE-2024-8057 (In version 0.4.1 of danswer-ai/danswer, a vulnerability exists where a ...)
-	TODO: check
+	NOT-FOR-US: danswer-ai/danswer
 CVE-2024-8055 (Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in  ...)
-	TODO: check
+	NOT-FOR-US: Vanna
 CVE-2024-8053 (In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` en ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-8029 (An XSS vulnerability was discovered in the upload file(s) process of i ...)
-	TODO: check
+	NOT-FOR-US: imartinez/privategpt
 CVE-2024-8028 (A vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to ca ...)
-	TODO: check
+	NOT-FOR-US: danswer-ai/danswer
 CVE-2024-8027 (A stored Cross-Site Scripting (XSS) vulnerability exists in netease-yo ...)
 	TODO: check
 CVE-2024-8026 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the backen ...)
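Review bot: two naming inconsistencies in this hunk: CVE-2024-8060 is tagged `NOT-FOR-US: OpenWebUI` while CVE-2024-8053 three entries below uses `open-webui/open-webui`, and CVE-2024-8055 uses `NOT-FOR-US: Vanna` where CVE-2024-8099 in the previous hunk uses `vanna-ai/vanna`; pick one spelling per upstream. Also CVE-2024-8061 (aimhubio/aim) remains `TODO: check` in the leading context although CVE-2024-8238, CVE-2024-8101 and CVE-2024-8769 for the same upstream were marked NOT-FOR-US in this commit; worth confirming it was skipped on purpose.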
@@ -316,7 +316,7 @@ CVE-2024-8026 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the b
 CVE-2024-8024 (A CORS misconfiguration vulnerability exists in netease-youdao/qanythi ...)
 	TODO: check
 CVE-2024-8021 (An open redirect vulnerability exists in the latest version of gradio- ...)
-	TODO: check
+	NOT-FOR-US: Gradio
 CVE-2024-8020 (A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows ...)
 	TODO: check
 CVE-2024-8019 (In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exist ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45953fa9286eb51b7faa3b2a1a9a71092725b7f6



More information about the debian-security-tracker-commits mailing list