Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6abc538 by Salvatore Bonaccorso at 2025-03-20T21:36:18+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -85,11 +85,11 @@ CVE-2025-1040 (AutoGPT versions 0.3.4 and earlier are 
vulnerable to a Server-Sid
 CVE-2025-0655 (A vulnerability in man-group/dtale versions 3.15.1 allows an 
attacker  ...)
        NOT-FOR-US: man-group/dtale
 CVE-2025-0628 (An improper authorization vulnerability exists in the 
main-latest vers ...)
-       TODO: check
+       NOT-FOR-US: BerriAI/litellm
 CVE-2025-0508 (A vulnerability in the SageMaker Workflow component of 
aws/sagemaker-p ...)
        NOT-FOR-US: SageMaker
 CVE-2025-0454 (A Server-Side Request Forgery (SSRF) vulnerability was 
identified in t ...)
-       TODO: check
+       NOT-FOR-US: significant-gravitas/autogpt
 CVE-2025-0453 (In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is 
vulnerable ...)
        NOT-FOR-US: mlflow
 CVE-2025-0452 (eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary 
file del ...)
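Review bot: The tag added for CVE-2025-0628 is spelled `BerriAI/litellm`, while the same commit tags CVE-2024-9606 as `berriai/litellm`; use one spelling for both so that a case-sensitive search of data/CVE/list for the product finds every entry. The surrounding context entries use short product names (`SageMaker`, `mlflow`) where the two new lines use owner/repo form, so it is worth settling on one form for these NFU tags.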
@@ -105,53 +105,53 @@ CVE-2025-0313 (A vulnerability in ollama/ollama versions 
<=0.3.14 allows a malic
 CVE-2025-0312 (A vulnerability in ollama/ollama versions <=0.3.14 allows a 
malicious  ...)
        - ollama <itp> (bug #1094806)
 CVE-2025-0281 (A stored cross-site scripting (XSS) vulnerability exists in 
lunary-ai/ ...)
-       TODO: check
+       NOT-FOR-US: lunary-ai/lunary
 CVE-2025-0254 (HCL Digital Experience components Ring API and dxclient may be 
vulnera ...)
        NOT-FOR-US: HCL
 CVE-2025-0192 (A stored Cross-site Scripting (XSS) vulnerability exists in the 
latest ...)
-       TODO: check
+       NOT-FOR-US: wandb/openui
 CVE-2025-0191 (A Denial of Service (DoS) vulnerability exists in the file 
upload feat ...)
-       TODO: check
+       NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
 CVE-2025-0190 (In version 3.25.0 of aimhubio/aim, a denial of service 
vulnerability e ...)
-       TODO: check
+       NOT-FOR-US: aimhubio/aim
 CVE-2025-0189 (In version 3.25.0 of aimhubio/aim, the tracking server is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: aimhubio/aim
 CVE-2025-0188 (A Server-Side Request Forgery (SSRF) vulnerability was 
discovered in g ...)
-       TODO: check
+       NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
 CVE-2025-0187 (A Denial of Service (DoS) vulnerability was discovered in the 
file upl ...)
-       TODO: check
+       NOT-FOR-US: Gradio
 CVE-2025-0185 (A vulnerability in the Dify Tools' Vanna module of the 
langgenius/dify ...)
        TODO: check
 CVE-2025-0184 (A Server-Side Request Forgery (SSRF) vulnerability was 
identified in l ...)
-       TODO: check
+       NOT-FOR-US: langgenius/dify
 CVE-2025-0183 (A stored cross-site scripting (XSS) vulnerability exists in the 
Latex  ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2025-0182 (A vulnerability in danswer-ai/danswer version 0.9.0 allows for 
denial  ...)
-       TODO: check
+       NOT-FOR-US: danswer-ai/danswer
 CVE-2024-9920 (In version v12 of parisneo/lollms-webui, the 'Send file to AL' 
functio ...)
-       TODO: check
+       NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-9919 (A missing authentication check in the uninstall endpoint of 
parisneo/l ...)
-       TODO: check
+       NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-9901 (LocalAI version v2.19.4 
(af0545834fd565ab56af0b9348550ca9c3cb5349) con ...)
-       TODO: check
+       NOT-FOR-US: LocalAI
 CVE-2024-9900 (mudler/localai version v2.21.1 contains a Cross-Site Scripting 
(XSS) v ...)
-       TODO: check
+       NOT-FOR-US: LocalAI
 CVE-2024-9880 (A command injection vulnerability exists in the 
`pandas.DataFrame.quer ...)
        TODO: check
 CVE-2024-9847 (FlatPress CMS version latest is vulnerable to Cross-Site 
Request Forge ...)
        TODO: check
 CVE-2024-9840 (A Denial of Service (DoS) vulnerability exists in 
open-webui/open-webu ...)
-       TODO: check
+       NOT-FOR-US: open-webui/open-webui
 CVE-2024-9701 (A Remote Code Execution (RCE) vulnerability has been identified 
in the ...)
        TODO: check
 CVE-2024-9699 (A vulnerability in the file upload functionality of the 
FlatPress CMS  ...)
        TODO: check
 CVE-2024-9617 (An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an 
attacker ...)
-       TODO: check
+       NOT-FOR-US: danswer-ai/danswer
 CVE-2024-9612 (In danswer-ai/danswer v0.3.94, administrators can set the 
visibility o ...)
-       TODO: check
+       NOT-FOR-US: danswer-ai/danswer
 CVE-2024-9606 (In berriai/litellm before version 1.44.12, the 
`litellm/litellm_core_u ...)
-       TODO: check
+       NOT-FOR-US: berriai/litellm
 CVE-2024-9597 (A Path Traversal vulnerability exists in the `/wipe_database` 
endpoint ...)
        TODO: check
 CVE-2024-9447 (An information disclosure vulnerability exists in the latest 
version o ...)
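Review bot: CVE-2025-0185 stays at `TODO: check` although its description names langgenius/dify, the same product for which the next entry, CVE-2025-0184, is marked `NOT-FOR-US: langgenius/dify`; either tag it the same way or record why it is being held back. The tags for CVE-2025-0187 (`Gradio`) and for CVE-2024-9901 and CVE-2024-9900 (`LocalAI`) use a bare product name while the rest of the hunk uses owner/repo form, which makes related entries harder to match by search.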



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6abc538ff4e7f9cad485202df25a02284800485
