[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 20 21:39:10 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
131a490a by Salvatore Bonaccorso at 2025-03-20T22:38:48+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -296,7 +296,7 @@ CVE-2024-8063 (A divide by zero vulnerability exists in ollama/ollama version v0
 CVE-2024-8062 (A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46. ...)
 	TODO: check
 CVE-2024-8061 (In version 3.23.0 of aimhubio/aim, certain methods that request data f ...)
-	TODO: check
+	NOT-FOR-US: aimhubio/aim
 CVE-2024-8060 (OpenWebUI version 0.3.0 contains a vulnerability in the audio API endp ...)
 	NOT-FOR-US: OpenWebUI
 CVE-2024-8057 (In version 0.4.1 of danswer-ai/danswer, a vulnerability exists where a ...)
@@ -624,37 +624,37 @@ CVE-2024-10940 (A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0
 CVE-2024-10935 (automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnera ...)
 	NOT-FOR-US: automatic1111/stable-diffusion-webui
 CVE-2024-10912 (A Denial of Service (DoS) vulnerability exists in the file upload feat ...)
-	TODO: check
+	NOT-FOR-US: lm-sys/fastchat
 CVE-2024-10908 (An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allo ...)
-	TODO: check
+	NOT-FOR-US: lm-sys/fastchat
 CVE-2024-10907 (In lm-sys/fastchat Release v0.2.36, the server fails to handle excessi ...)
-	TODO: check
+	NOT-FOR-US: lm-sys/fastchat
 CVE-2024-10906 (In version 0.6.0 of eosphoros-ai/db-gpt, the `uvicorn` app created by  ...)
-	TODO: check
+	NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10902 (In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/ ...)
-	TODO: check
+	NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10901 (In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/edito ...)
-	TODO: check
+	NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10835 (In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/edito ...)
-	TODO: check
+	NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10834 (eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG- ...)
-	TODO: check
+	NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10833 (eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file w ...)
-	TODO: check
+	NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10831 (In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files ...)
-	TODO: check
+	NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10830 (A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt versi ...)
-	TODO: check
+	NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10829 (A Denial of Service (DoS) vulnerability in the multipart request bound ...)
-	TODO: check
+	NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10821 (A Denial of Service (DoS) vulnerability in the multipart request bound ...)
-	TODO: check
+	NOT-FOR-US: Invoke-AI
 CVE-2024-10819 (A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of b ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10812 (An open redirect vulnerability exists in binary-husky/gpt_academic ver ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10762 (In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-10727 (A reflected cross-site scripting (XSS) vulnerability exists in phpipam ...)
 	TODO: check
 CVE-2024-10725 (A stored cross-site scripting (XSS) vulnerability exists in phpipam/ph ...)
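Review bot: the NOT-FOR-US tag on CVE-2024-10821 uses "Invoke-AI", while every other entry changed in this hunk uses the upstream org/repo form (lm-sys/fastchat, eosphoros-ai/db-gpt, binary-husky/gpt_academic, lunary-ai/lunary). Suggest picking one form so a search for the product name finds all of its entries. Separately, CVE-2024-10829 and CVE-2024-10821 show the same truncated description ("A Denial of Service (DoS) vulnerability in the multipart request bound ...") but are attributed to different products, and the visible text of CVE-2024-10912 names no product either; worth confirming these three against the full descriptions, since the truncated lines here cannot confirm the attribution.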
@@ -674,21 +674,21 @@ CVE-2024-10719 (A stored cross-site scripting (XSS) vulnerability exists in phpi
 CVE-2024-10718 (In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive c ...)
 	TODO: check
 CVE-2024-10714 (A vulnerability in binary-husky/gpt_academic version 3.83 allows an at ...)
-	TODO: check
+	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10713 (A vulnerability in szad670401/hyperlpr v3.0 allows for a Denial of Ser ...)
 	TODO: check
 CVE-2024-10707 (gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local  ...)
-	TODO: check
+	NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
 CVE-2024-10650 (An unauthenticated Denial of Service (DoS) vulnerability was identifie ...)
-	TODO: check
+	NOT-FOR-US: ChuanhuChatGPT
 CVE-2024-10648 (A path traversal vulnerability exists in the Gradio Audio component of ...)
-	TODO: check
+	NOT-FOR-US: Gradio
 CVE-2024-10624 (A Regular Expression Denial of Service (ReDoS) vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: Gradio
 CVE-2024-10572 (In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classe ...)
 	TODO: check
 CVE-2024-10569 (A vulnerability in the dataframe component of gradio-app/gradio (versi ...)
-	TODO: check
+	NOT-FOR-US: Gradio
 CVE-2024-10553 (A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows u ...)
 	TODO: check
 CVE-2024-10550 (A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version ...)
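Review bot: CVE-2024-10707 is tagged "gaizhenbiao/chuanhuchatgpt" and the entry directly below it, CVE-2024-10650, is tagged "ChuanhuChatGPT". If both refer to the same project, use a single spelling so later greps and bulk NFU processing match both. The same applies to the three "Gradio" tags (CVE-2024-10648, CVE-2024-10624, CVE-2024-10569), where the description of CVE-2024-10569 names the project as gradio-app/gradio and the other tags in this commit mostly follow the org/repo form.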



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/131a490ae4c689019e2ec19748955fed2e2659c2
