[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Mar 21 07:07:47 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3dd6b442 by Moritz Muehlenhoff at 2025-03-21T08:07:12+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -294,7 +294,7 @@ CVE-2024-8065 (A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4
CVE-2024-8063 (A divide by zero vulnerability exists in ollama/ollama version v0.3.3. ...)
- ollama <itp> (bug #1094806)
CVE-2024-8062 (A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46. ...)
- TODO: check
+ NOT-FOR-US: h2oai/h2o-3
CVE-2024-8061 (In version 3.23.0 of aimhubio/aim, certain methods that request data f ...)
NOT-FOR-US: aimhubio/aim
CVE-2024-8060 (OpenWebUI version 0.3.0 contains a vulnerability in the audio API endp ...)
@@ -310,17 +310,17 @@ CVE-2024-8029 (An XSS vulnerability was discovered in the upload file(s) process
CVE-2024-8028 (A vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to ca ...)
NOT-FOR-US: danswer-ai/danswer
CVE-2024-8027 (A stored Cross-Site Scripting (XSS) vulnerability exists in netease-yo ...)
- TODO: check
+ NOT-FOR-US: netease-youdao/QAnything
CVE-2024-8026 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the backen ...)
- TODO: check
+ NOT-FOR-US: netease-youdao/QAnything
CVE-2024-8024 (A CORS misconfiguration vulnerability exists in netease-youdao/qanythi ...)
- TODO: check
+ NOT-FOR-US: netease-youdao/qanything
CVE-2024-8021 (An open redirect vulnerability exists in the latest version of gradio- ...)
NOT-FOR-US: Gradio
CVE-2024-8020 (A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows ...)
- TODO: check
+ NOT-FOR-US: pytorch-lightning
CVE-2024-8019 (In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: pytorch-lightning
CVE-2024-8018 (A vulnerability in imartinez/privategpt version 0.5.0 allows for a Den ...)
NOT-FOR-US: imartinez/privategpt
CVE-2024-8017 (An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8 ...)
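Review bot: The NOT-FOR-US tags added in this hunk spell one project two ways: CVE-2024-8027 and CVE-2024-8026 get "netease-youdao/QAnything", while CVE-2024-8024 gets "netease-youdao/qanything". Use a single spelling so that a case-sensitive search of data/CVE/list finds all three entries together. The two pytorch-lightning entries (CVE-2024-8020, CVE-2024-8019) also drop the owner prefix that the descriptions give as "lightning-ai/pytorch-lightning" and that the other tags added in this hunk keep; "NOT-FOR-US: lightning-ai/pytorch-lightning" would match them.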
@@ -492,7 +492,7 @@ CVE-2024-12759 (In bentoml/bentoml version 1.3.9, the `/login` endpoint of the n
CVE-2024-12720 (A Regular Expression Denial of Service (ReDoS) vulnerability was ident ...)
TODO: check
CVE-2024-12704 (A vulnerability in the LangChainLLM class of the run-llama/llama_index ...)
- TODO: check
+ NOT-FOR-US: run-llama/llama_index
CVE-2024-12580 (A vulnerability in danny-avila/librechat prior to version 0.7.6 allows ...)
NOT-FOR-US: danny-avila/librechat
CVE-2024-12537 (In version 0.3.32 of open-webui/open-webui, the absence of authenticat ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dd6b442e25bf4b6f7e7f65116011012cbf27970