[Git][security-tracker-team/security-tracker][master] Associate some CVEs with vllm, itp'ed
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 20 21:05:20 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
707bd0ba by Salvatore Bonaccorso at 2025-03-20T22:04:52+01:00
Associate some CVEs with vllm, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -202,9 +202,9 @@ CVE-2024-9070 (A deserialization vulnerability exists in BentoML's runner server
CVE-2024-9056 (BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) ...)
NOT-FOR-US: bentoml/bentoml
CVE-2024-9053 (vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncE ...)
- NOT-FOR-US: vllm
+ - vllm <itp> (bug #1095237)
CVE-2024-9052 (vllm-project vllm version 0.6.0 contains a vulnerability in the distri ...)
- NOT-FOR-US: vllm
+ - vllm <itp> (bug #1095237)
CVE-2024-9016 (man-group dtale version <= 3.13.1 contains a vulnerability where the q ...)
TODO: check
CVE-2024-9000 (In lunary-ai/lunary before version 1.4.26, the checklists.post() endpo ...)
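Review bot: The two lines replaced under CVE-2024-9053 and CVE-2024-9052 were spelled "NOT-FOR-US: vllm", while the lines replaced elsewhere in this commit were spelled "NOT-FOR-US: vLLM", so a case-sensitive search for either spelling finds only part of the set. Since the commit message says only "some" CVEs were associated, a case-insensitive search over data/CVE/list for remaining NOT-FOR-US entries naming vllm would confirm that none were missed.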
@@ -849,9 +849,9 @@ CVE-2025-29925 (XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16
CVE-2025-29924 (XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, ...)
NOT-FOR-US: XWiki
CVE-2025-29783 (vLLM is a high-throughput and memory-efficient inference and serving e ...)
- NOT-FOR-US: vLLM
+ - vllm <itp> (bug #1095237)
CVE-2025-29770 (vLLM is a high-throughput and memory-efficient inference and serving e ...)
- NOT-FOR-US: vLLM
+ - vllm <itp> (bug #1095237)
CVE-2025-29405 (An arbitrary file upload vulnerability in the component /admin/templat ...)
NOT-FOR-US: emlog pro
CVE-2025-29401 (An arbitrary file upload vulnerability in the component /views/plugin. ...)
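Review bot: The new "- vllm <itp> (bug #1095237)" lines under CVE-2025-29783 and CVE-2025-29770 carry no NOTE line pointing at the upstream advisory or fixing commit. Adding one while the CVEs are being looked at would let whoever handles the first upload decide whether the uploaded version is already fixed, without repeating the research.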
@@ -14121,7 +14121,7 @@ CVE-2024-55272 (An issue in Brainasoft Braina v2.8 allows a remote attacker to o
CVE-2024-55215 (An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker t ...)
NOT-FOR-US: trojan
CVE-2025-25183 (vLLM is a high-throughput and memory-efficient inference and serving e ...)
- NOT-FOR-US: vLLM
+ - vllm <itp> (bug #1095237)
CVE-2025-25168 (Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigita ...)
NOT-FOR-US: WordPress plugin
CVE-2025-25167 (Missing Authorization vulnerability in blackandwhitedigital BookPress ...)
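Review bot: The added line under CVE-2025-25183 names the package as "vllm", and tracker entries are keyed on the source package name. It is worth confirming that bug #1095237 proposes exactly that source package name, so the entry matches once the package is uploaded.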
@@ -17004,7 +17004,7 @@ CVE-2025-24365 (vaultwarden is an unofficial Bitwarden compatible server written
CVE-2025-24364 (vaultwarden is an unofficial Bitwarden compatible server written in Ru ...)
- vaultwarden <itp> (bug #1067023)
CVE-2025-24357 (vLLM is a library for LLM inference and serving. vllm/model_executor/w ...)
- NOT-FOR-US: vLLM
+ - vllm <itp> (bug #1095237)
CVE-2025-24354 (imgproxy is server for resizing, processing, and converting images. Im ...)
NOT-FOR-US: imgproxy
CVE-2025-23982 (Missing Authorization vulnerability in Marian Kanev Cab fare calculato ...)
@@ -55349,7 +55349,7 @@ CVE-2024-6482 (The Login with phone number plugin for WordPress is vulnerable to
CVE-2023-3410 (The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scri ...)
NOT-FOR-US: WordPress theme
CVE-2024-8768 (A flaw was found in the vLLM library. A completions API request with a ...)
- NOT-FOR-US: vLLM
+ - vllm <itp> (bug #1095237)
CVE-2024-8797 (The WP Booking System \u2013 Booking Calendar plugin for WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2024-8775 (A flaw was found in Ansible, where sensitive information stored in Ans ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/707bd0ba56b4cf80edfa86486bb803c458aec2bb