[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 20 21:32:52 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29eb0986 by Salvatore Bonaccorso at 2025-03-20T22:32:30+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -168,11 +168,11 @@ CVE-2024-9418 (In version 0.0.14 of transformeroptimus/superagi, the API endpoin
 CVE-2024-9415 (A Path Traversal vulnerability exists in the file upload functionality ...)
 	NOT-FOR-US: transformeroptimus/superagi
 CVE-2024-9365 (A Cross-Site Request Forgery (CSRF) vulnerability in polyaxon/polyaxon ...)
-	TODO: check
+	NOT-FOR-US: polyaxon/polyaxon
 CVE-2024-9363 (An unauthorized file deletion vulnerability exists in the latest versi ...)
-	TODO: check
+	NOT-FOR-US: polyaxon/polyaxon
 CVE-2024-9362 (An unauthenticated directory traversal vulnerability exists in Polyaxo ...)
-	TODO: check
+	NOT-FOR-US: polyaxon/polyaxon
 CVE-2024-9340 (A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66 ...)
 	NOT-FOR-US: zenml-io/zenml
 CVE-2024-9311 (A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava ...)
@@ -206,7 +206,7 @@ CVE-2024-9053 (vllm-project vllm version 0.6.0 contains a vulnerability in the A
 CVE-2024-9052 (vllm-project vllm version 0.6.0 contains a vulnerability in the distri ...)
 	- vllm <itp> (bug #1095237)
 CVE-2024-9016 (man-group dtale version <= 3.13.1 contains a vulnerability where the q ...)
-	TODO: check
+	NOT-FOR-US: man-group/dtale
 CVE-2024-9000 (In lunary-ai/lunary before version 1.4.26, the checklists.post() endpo ...)
 	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-8999 (lunary-ai/lunary version v1.4.25 contains an improper access control v ...)
@@ -264,7 +264,7 @@ CVE-2024-8502 (A vulnerability in the RpcAgentServerLauncher class of modelscope
 CVE-2024-8501 (An arbitrary file download vulnerability exists in the rpc_agent_clien ...)
 	NOT-FOR-US: modelscope/agentscope
 CVE-2024-8489 (A vulnerability in modelscope/agentscope, specifically in the AgentSco ...)
-	TODO: check
+	NOT-FOR-US: modelscope/agentscope
 CVE-2024-8487 (A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelsc ...)
 	NOT-FOR-US: modelscope/agentscope
 CVE-2024-8438 (A path traversal vulnerability exists in modelscope/agentscope version ...)
@@ -322,27 +322,27 @@ CVE-2024-8020 (A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 a
 CVE-2024-8019 (In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exist ...)
 	TODO: check
 CVE-2024-8018 (A vulnerability in imartinez/privategpt version 0.5.0 allows for a Den ...)
-	TODO: check
+	NOT-FOR-US: imartinez/privategpt
 CVE-2024-8017 (An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8 ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7999 (A vulnerability in open-webui/open-webui version 79778fa allows an att ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7990 (A stored cross-site scripting (XSS) vulnerability exists in open-webui ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7983 (In version 0.3.8 of open-webui, an endpoint for converting markdown to ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7959 (The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 i ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7957 (An arbitrary file overwrite vulnerability exists in the ZulipConnector ...)
-	TODO: check
+	NOT-FOR-US: danswer-ai/danswer
 CVE-2024-7819 (A CORS misconfiguration in danswer-ai/danswer v1.4.1 allows attackers  ...)
-	TODO: check
+	NOT-FOR-US: danswer-ai/danswer
 CVE-2024-7806 (A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remo ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7804 (A deserialization vulnerability exists in the Pytorch RPC framework (t ...)
 	TODO: check
 CVE-2024-7779 (A vulnerability in danswer-ai/danswer version 1 allows an attacker to  ...)
-	TODO: check
+	NOT-FOR-US: danswer-ai/danswer
 CVE-2024-7776 (A vulnerability in the `download_model` function of the onnx/onnx fram ...)
 	TODO: check
 CVE-2024-7773 (A vulnerability in ollama/ollama version 0.1.37 allows for remote code ...)
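
Review bot: The tag on CVE-2024-7957 cannot be checked against the entry itself, because the truncated description names only the ZulipConnector and not danswer-ai/danswer. The attribution is worth confirming against the full CVE text before the entry leaves TODO. CVE-2024-7779 is tagged the same way although its description says only "version 1", so the affected release is equally unclear from this line.
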
@@ -352,45 +352,45 @@ CVE-2024-7771 (A vulnerability in the Dockerized version of mintplex-labs/anythi
 CVE-2024-7768 (A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 versio ...)
 	TODO: check
 CVE-2024-7767 (An improper access control vulnerability exists in danswer-ai/danswer  ...)
-	TODO: check
+	NOT-FOR-US: danswer-ai/danswer
 CVE-2024-7765 (In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploadin ...)
 	TODO: check
 CVE-2024-7764 (Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient pro ...)
-	TODO: check
+	NOT-FOR-US: Vanna-ai
 CVE-2024-7760 (aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSR ...)
-	TODO: check
+	NOT-FOR-US: aimhubio/aim
 CVE-2024-7598 (A security issue was discovered in Kubernetes where a malicious or com ...)
 	TODO: check
 CVE-2024-7476 (A broken access control vulnerability exists in lunary-ai/lunary versi ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-7058 (A vulnerability in the sanitize_path function in parisneo/lollms-webui ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-7053 (A vulnerability in open-webui/open-webui version 0.3.8 allows an attac ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7046 (An improper access control vulnerability in open-webui/open-webui v0.3 ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7045 (In version v0.3.8 of open-webui/open-webui, improper access control vu ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7044 (A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat f ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7043 (An improper access control vulnerability in open-webui/open-webui v0.3 ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7040 (In version v0.3.8 of open-webui/open-webui, there is an improper acces ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7039 (In open-webui/open-webui version v0.3.8, there is an improper privileg ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7036 (A vulnerability in open-webui/open-webui v0.3.8 allows an unauthentica ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7035 (In version v0.3.8 of open-webui/open-webui, sensitive actions such as  ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7034 (In open-webui version 0.3.8, the endpoint `/models/upload` is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7033 (In version 0.3.8 of open-webui/open-webui, an arbitrary file write vul ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-6986 (A Cross-site Scripting (XSS) vulnerability exists in the Settings page ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-6982 (A remote code execution vulnerability exists in the Calculate function ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms
 CVE-2024-6866 (corydolphin/flask-cors version 4.01 contains a vulnerability where the ...)
 	TODO: check
 CVE-2024-6863 (In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom Encryptio ...)
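
Review bot: Style point on CVE-2024-7764: "NOT-FOR-US: Vanna-ai" is the only tag in this hunk that is not in owner/repo form, while every other added line uses it (danswer-ai/danswer, aimhubio/aim, open-webui/open-webui). Suggest the full repository path so a later grep by upstream catches it. Separately, CVE-2024-6986 is tagged parisneo/lollms-webui and CVE-2024-6982 is tagged parisneo/lollms; if these are two distinct upstream repositories that is fine, otherwise pick one spelling.
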
@@ -398,31 +398,31 @@ CVE-2024-6863 (In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom Encr
 CVE-2024-6854 (In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does  ...)
 	TODO: check
 CVE-2024-6851 (In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup funct ...)
-	TODO: check
+	NOT-FOR-US: aimhubio/aim
 CVE-2024-6844 (A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inc ...)
 	TODO: check
 CVE-2024-6842 (In version 1.5.5 of mintplex-labs/anything-llm, the `/setup-complete`  ...)
-	TODO: check
+	NOT-FOR-US: mintplex-labs/anything-llm
 CVE-2024-6841 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest ...)
-	TODO: check
+	NOT-FOR-US: Vanna-ai
 CVE-2024-6839 (corydolphin/flask-cors version 4.0.1 contains an improper regex path m ...)
 	TODO: check
 CVE-2024-6838 (In mlflow/mlflow version v2.13.2, a vulnerability exists that allows t ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2024-6829 (A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to e ...)
-	TODO: check
+	NOT-FOR-US: aimhubio/aim
 CVE-2024-6827 (Gunicorn version 21.2.0 does not properly validate the value of the 'T ...)
 	TODO: check
 CVE-2024-6825 (BerriAI/litellm version 1.40.12 contains a vulnerability that allows r ...)
-	TODO: check
+	NOT-FOR-US: BerriAI/litellm
 CVE-2024-6583 (A path traversal vulnerability exists in the latest version of stangir ...)
-	TODO: check
+	NOT-FOR-US: stangirard/quivr
 CVE-2024-6577 (In the latest version of pytorch/serve, the script 'upload_results_to_ ...)
 	TODO: check
 CVE-2024-6483 (A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim ve ...)
-	TODO: check
+	NOT-FOR-US: aimhubio/aim
 CVE-2024-5752 (A path traversal vulnerability exists in stitionai/devika, specificall ...)
-	TODO: check
+	NOT-FOR-US: stitionai/devika
 CVE-2024-57440 (D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflo ...)
 	NOT-FOR-US: D-Link
 CVE-2024-4990 (In yiisoft/yii2 version 2.0.48, the base Component class contains a vu ...)
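
Review bot: CVE-2024-6838 is tagged "NOT-FOR-US: mlflow" although its description reads mlflow/mlflow, and CVE-2024-6841 again uses the bare "Vanna-ai"; the remaining additions in this hunk use owner/repo (aimhubio/aim, mintplex-labs/anything-llm, BerriAI/litellm). Suggest "NOT-FOR-US: mlflow/mlflow" for consistency. It is also worth confirming that none of these names matches a source package or a pending ITP before closing the entries, since that is what separates NOT-FOR-US from the "<itp>" form used elsewhere in this file.
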
@@ -430,9 +430,9 @@ CVE-2024-4990 (In yiisoft/yii2 version 2.0.48, the base Component class contains
 CVE-2024-4023 (A stored cross-site scripting (XSS) vulnerability exists in flatpressb ...)
 	TODO: check
 CVE-2024-48591 (Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site Scripting (XSS) ...)
-	TODO: check
+	NOT-FOR-US: Inflectra SpiraTeam
 CVE-2024-48590 (Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forger ...)
-	TODO: check
+	NOT-FOR-US: Inflectra SpiraTeam
 CVE-2024-2292 (Due to a lack of access control, unauthorized users are able to view a ...)
 	TODO: check
 CVE-2024-13923 (The Order Export & Order Import for WooCommerce plugin for WordPress i ...)
@@ -448,181 +448,181 @@ CVE-2024-13558 (The NP Quote Request for WooCommerce plugin for WordPress is vul
 CVE-2024-13060 (A vulnerability in AnythingLLM Docker version 1.3.1 allows users with  ...)
 	TODO: check
 CVE-2024-12911 (A vulnerability in the `default_jsonalyzer` function of the `JSONalyze ...)
-	TODO: check
+	NOT-FOR-US: run-llama/llama_index
 CVE-2024-12910 (A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama ...)
-	TODO: check
+	NOT-FOR-US: run-llama/llama_index
 CVE-2024-12909 (A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_ind ...)
-	TODO: check
+	NOT-FOR-US: run-llama/llama_index
 CVE-2024-12886 (An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server ver ...)
 	- ollama <itp> (bug #1094806)
 CVE-2024-12882 (comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server- ...)
-	TODO: check
+	NOT-FOR-US: comfyanonymous/comfyui
 CVE-2024-12880 (A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows fo ...)
-	TODO: check
+	NOT-FOR-US: infiniflow/ragflow
 CVE-2024-12871 (An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an at ...)
-	TODO: check
+	NOT-FOR-US: infiniflow/ragflow
 CVE-2024-12870 (A stored cross-site scripting (XSS) vulnerability exists in infiniflow ...)
-	TODO: check
+	NOT-FOR-US: infiniflow/ragflow
 CVE-2024-12869 (In infiniflow/ragflow version v0.12.0, there is an improper authentica ...)
-	TODO: check
+	NOT-FOR-US: infiniflow/ragflow
 CVE-2024-12868 (In version 0.3.32 of open-webui, the application uses a vulnerable ver ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-12866 (A local file inclusion vulnerability exists in netease-youdao/qanythin ...)
 	TODO: check
 CVE-2024-12864 (A Denial of Service (DoS) vulnerability was discovered in the file upl ...)
 	TODO: check
 CVE-2024-12779 (A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflo ...)
-	TODO: check
+	NOT-FOR-US: infiniflow/ragflow
 CVE-2024-12778 (A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of  ...)
-	TODO: check
+	NOT-FOR-US: aimhubio/aim
 CVE-2024-12777 (A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of  ...)
-	TODO: check
+	NOT-FOR-US: aimhubio/aim
 CVE-2024-12776 (In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint doe ...)
-	TODO: check
+	NOT-FOR-US: langgenius/dify
 CVE-2024-12775 (langgenius/dify version 0.10.1 contains a Server-Side Request Forgery  ...)
-	TODO: check
+	NOT-FOR-US: langgenius/dify
 CVE-2024-12766 (parisneo/lollms-webui version V13 (feather) suffers from a Server-Side ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-12761 (A Denial of Service (DoS) vulnerability exists in the brycedrennan/ima ...)
-	TODO: check
+	NOT-FOR-US: brycedrennan/imaginairy
 CVE-2024-12760 (An open redirect vulnerability in bentoml/bentoml v1.3.9 allows a remo ...)
-	TODO: check
+	NOT-FOR-US: bentoml/bentoml
 CVE-2024-12759 (In bentoml/bentoml version 1.3.9, the `/login` endpoint of the newly i ...)
-	TODO: check
+	NOT-FOR-US: bentoml/bentoml
 CVE-2024-12720 (A Regular Expression Denial of Service (ReDoS) vulnerability was ident ...)
 	TODO: check
 CVE-2024-12704 (A vulnerability in the LangChainLLM class of the run-llama/llama_index ...)
 	TODO: check
 CVE-2024-12580 (A vulnerability in danny-avila/librechat prior to version 0.7.6 allows ...)
-	TODO: check
+	NOT-FOR-US: danny-avila/librechat
 CVE-2024-12537 (In version 0.3.32 of open-webui/open-webui, the absence of authenticat ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-12534 (In version v0.3.32 of open-webui/open-webui, the application allows us ...)
-	TODO: check
+	NOT-FOR-US: open-webui/open-webui
 CVE-2024-12450 (In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `do ...)
-	TODO: check
+	NOT-FOR-US: infiniflow/ragflow
 CVE-2024-12433 (A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remo ...)
-	TODO: check
+	NOT-FOR-US: infiniflow/ragflow
 CVE-2024-12392 (A Server-Side Request Forgery (SSRF) vulnerability exists in binary-hu ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-12391 (A vulnerability in binary-husky/gpt_academic, as of commit 310122f, al ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-12390 (A vulnerability in binary-husky/gpt_academic version git 310122f allow ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-12389 (A path traversal vulnerability exists in binary-husky/gpt_academic ver ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-12388 (A vulnerability in binary-husky/gpt_academic version 310122f allows fo ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-12387 (A vulnerability in the binary-husky/gpt_academic repository, as of com ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-12376 (A Server-Side Request Forgery (SSRF) vulnerability was identified in t ...)
-	TODO: check
+	NOT-FOR-US: lm-sys/fastchat
 CVE-2024-12375 (A local file inclusion vulnerability was identified in automatic1111/s ...)
-	TODO: check
+	NOT-FOR-US: automatic1111/stable-diffusion-webui
 CVE-2024-12374 (A stored cross-site scripting (XSS) vulnerability exists in automatic1 ...)
-	TODO: check
+	NOT-FOR-US: automatic1111/stable-diffusion-webui
 CVE-2024-12217 (A vulnerability in the gradio-app/gradio repository, version git 67e40 ...)
-	TODO: check
+	NOT-FOR-US: Gradio
 CVE-2024-12216 (A vulnerability in the `ImageClassificationDataset.from_csv()` API of  ...)
 	TODO: check
 CVE-2024-12215 (In kedro-org/kedro version 0.19.8, the `pull_package()` API function a ...)
 	TODO: check
 CVE-2024-12074 (A Denial of Service (DoS) vulnerability was discovered in the file upl ...)
-	TODO: check
+	NOT-FOR-US: automatic1111/stable-diffusion-webui
 CVE-2024-12070 (A Denial of Service (DoS) vulnerability exists in the file upload feat ...)
-	TODO: check
+	NOT-FOR-US: haotian-liu/llava
 CVE-2024-12068 (A Server-Side Request Forgery (SSRF) vulnerability was discovered in h ...)
-	TODO: check
+	NOT-FOR-US: haotian-liu/llava
 CVE-2024-12065 (A local file inclusion vulnerability exists in haotian-liu/llava at co ...)
-	TODO: check
+	NOT-FOR-US: haotian-liu/llava
 CVE-2024-12063 (A Denial of Service (DoS) vulnerability exists in the file upload feat ...)
-	TODO: check
+	NOT-FOR-US: imartinez/privategpt
 CVE-2024-12055 (A vulnerability in Ollama versions <=0.3.14 allows a malicious user to ...)
 	- ollama <itp> (bug #1094806)
 CVE-2024-12048 (An IDOR (Insecure Direct Object Reference) vulnerability exists in tra ...)
-	TODO: check
+	NOT-FOR-US: transformeroptimus/superagi
 CVE-2024-12044 (A remote code execution vulnerability exists in open-mmlab/mmdetection ...)
-	TODO: check
+	NOT-FOR-US: open-mmlab/mmdetection
 CVE-2024-12039 (langgenius/dify version v0.10.1 contains a vulnerability where there a ...)
-	TODO: check
+	NOT-FOR-US: langgenius/dify
 CVE-2024-12029 (A remote code execution vulnerability exists in invoke-ai/invokeai ver ...)
-	TODO: check
+	NOT-FOR-US: invoke-ai/invokeai
 CVE-2024-11958 (A SQL injection vulnerability exists in the `duckdb_retriever` compone ...)
-	TODO: check
+	NOT-FOR-US: run-llama/llama_index
 CVE-2024-11850 (A stored cross-site scripting (XSS) vulnerability exists in the latest ...)
-	TODO: check
+	NOT-FOR-US: langgenius/dify
 CVE-2024-11824 (A stored cross-site scripting (XSS) vulnerability exists in langgenius ...)
-	TODO: check
+	NOT-FOR-US: langgenius/dify
 CVE-2024-11822 (langgenius/dify version 0.9.1 contains a Server-Side Request Forgery ( ...)
-	TODO: check
+	NOT-FOR-US: langgenius/dify
 CVE-2024-11821 (A privilege escalation vulnerability exists in langgenius/dify version ...)
-	TODO: check
+	NOT-FOR-US: langgenius/dify
 CVE-2024-11603 (A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fa ...)
-	TODO: check
+	NOT-FOR-US: lm-sys/fastchat
 CVE-2024-11602 (A Cross-Origin Resource Sharing (CORS) vulnerability exists in feast-d ...)
 	TODO: check
 CVE-2024-11449 (A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows  ...)
-	TODO: check
+	NOT-FOR-US: haotian-liu/llava
 CVE-2024-11441 (A stored cross-site scripting (XSS) vulnerability exists in Serge vers ...)
-	TODO: check
+	NOT-FOR-US: Serge
 CVE-2024-11302 (A missing check_access() function in the lollms_binding_infos module o ...)
 	TODO: check
 CVE-2024-11301 (In lunary-ai/lunary before version 1.6.3, the application allows the c ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-11300 (In lunary-ai/lunary before version 1.6.3, an improper access control v ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-11173 (An unhandled exception in the danny-avila/librechat repository, versio ...)
-	TODO: check
+	NOT-FOR-US: danny-avila/librechat
 CVE-2024-11172 (A vulnerability in danny-avila/librechat version git a1647d7 allows an ...)
-	TODO: check
+	NOT-FOR-US: danny-avila/librechat
 CVE-2024-11171 (In danny-avila/librechat version git 0c2a583, there is an improper inp ...)
-	TODO: check
+	NOT-FOR-US: danny-avila/librechat
 CVE-2024-11170 (A vulnerability in danny-avila/librechat version git 81f2936 allows fo ...)
-	TODO: check
+	NOT-FOR-US: danny-avila/librechat
 CVE-2024-11169 (An unhandled exception in danny-avila/librechat version 3c94ff2 can le ...)
-	TODO: check
+	NOT-FOR-US: danny-avila/librechat
 CVE-2024-11167 (An improper access control vulnerability in danny-avila/librechat vers ...)
-	TODO: check
+	NOT-FOR-US: danny-avila/librechat
 CVE-2024-11137 (An Insecure Direct Object Reference (IDOR) vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-11045 (A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic111 ...)
-	TODO: check
+	NOT-FOR-US: automatic1111/stable-diffusion-webui
 CVE-2024-11044 (An open redirect vulnerability in automatic1111/stable-diffusion-webui ...)
-	TODO: check
+	NOT-FOR-US: automatic1111/stable-diffusion-webui
 CVE-2024-11043 (A Denial of Service (DoS) vulnerability was discovered in the /api/v1/ ...)
-	TODO: check
+	NOT-FOR-US: invoke-ai/invokeai
 CVE-2024-11042 (In invoke-ai/invokeai version v5.0.2, the web API `POST /api/v1/images ...)
-	TODO: check
+	NOT-FOR-US: invoke-ai/invokeai
 CVE-2024-11041 (vllm-project vllm version v0.6.2 contains a vulnerability in the Messa ...)
 	- vllm <itp> (bug #1095237)
 CVE-2024-11040 (vllm-project vllm version 0.5.2.2 is vulnerable to Denial of Service a ...)
 	- vllm <itp> (bug #1095237)
 CVE-2024-11039 (A pickle deserialization vulnerability exists in the Latex English err ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-11037 (A path traversal vulnerability exists in binary-husky/gpt_academic at  ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-11033 (A Denial of Service (DoS) vulnerability exists in the file upload feat ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-11031 (In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Fo ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-11030 (GPT Academic version 3.83 is vulnerable to a Server-Side Request Forge ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10986 (GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vul ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10956 (GPT Academy version 3.83 in the binary-husky/gpt_academic repository i ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10955 (A Regular Expression Denial of Service (ReDoS) vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
 CVE-2024-10954 (In the `manim` plugin of binary-husky/gpt_academic, versions prior to  ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10950 (In binary-husky/gpt_academic version <= 3.83, the plugin `CodeInterpre ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10948 (A vulnerability in the upload function of binary-husky/gpt_academic al ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10940 (A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,< ...)
 	TODO: check
 CVE-2024-10935 (automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnera ...)
-	TODO: check
+	NOT-FOR-US: automatic1111/stable-diffusion-webui
 CVE-2024-10912 (A Denial of Service (DoS) vulnerability exists in the file upload feat ...)
 	TODO: check
 CVE-2024-10908 (An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allo ...)
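
Review bot: CVE-2024-12704 (LangChainLLM class of run-llama/llama_index) stays at "TODO: check" while the other entries this hunk tags run-llama/llama_index (CVE-2024-12911, CVE-2024-12910, CVE-2024-12909, CVE-2024-11958) become NOT-FOR-US. If that is deliberate, a short NOTE on the entry would say why; if not, it should get the same tag. CVE-2024-11302 (lollms_binding_infos module) is in the same position relative to the parisneo/lollms-webui entry above it. On naming, "NOT-FOR-US: Gradio" for gradio-app/gradio and "NOT-FOR-US: Serge" depart from the owner/repo form used by the rest of the hunk. Several file-upload DoS entries (CVE-2024-12074, CVE-2024-12070, CVE-2024-12063, CVE-2024-11033) have truncated descriptions that name no project, so their tags need checking against the full CVE text.
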



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29eb098655c1bbc4cee2f0fbc886f1b6147273c7
