Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3dd6b442 by Moritz Muehlenhoff at 2025-03-21T08:07:12+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -294,7 +294,7 @@ CVE-2024-8065 (A Cross-Site Request Forgery (CSRF) 
vulnerability in version v1.4
 CVE-2024-8063 (A divide by zero vulnerability exists in ollama/ollama version 
v0.3.3. ...)
        - ollama <itp> (bug #1094806)
 CVE-2024-8062 (A vulnerability in the typeahead endpoint of h2oai/h2o-3 
version 3.46. ...)
-       TODO: check
+       NOT-FOR-US: h2oai/h2o-3
 CVE-2024-8061 (In version 3.23.0 of aimhubio/aim, certain methods that request 
data f ...)
        NOT-FOR-US: aimhubio/aim
 CVE-2024-8060 (OpenWebUI version 0.3.0 contains a vulnerability in the audio 
API endp ...)
@@ -310,17 +310,17 @@ CVE-2024-8029 (An XSS vulnerability was discovered in the 
upload file(s) process
 CVE-2024-8028 (A vulnerability in danswer-ai/danswer v0.3.94 allows an 
attacker to ca ...)
        NOT-FOR-US: danswer-ai/danswer
 CVE-2024-8027 (A stored Cross-Site Scripting (XSS) vulnerability exists in 
netease-yo ...)
-       TODO: check
+       NOT-FOR-US: netease-youdao/QAnything
 CVE-2024-8026 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
backen ...)
-       TODO: check
+       NOT-FOR-US: netease-youdao/QAnything
 CVE-2024-8024 (A CORS misconfiguration vulnerability exists in 
netease-youdao/qanythi ...)
-       TODO: check
+       NOT-FOR-US: netease-youdao/qanything
 CVE-2024-8021 (An open redirect vulnerability exists in the latest version of 
gradio- ...)
        NOT-FOR-US: Gradio
 CVE-2024-8020 (A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 
allows ...)
-       TODO: check
+       NOT-FOR-US: pytorch-lightning
 CVE-2024-8019 (In lightning-ai/pytorch-lightning version 2.3.2, a 
vulnerability exist ...)
-       TODO: check
+       NOT-FOR-US: pytorch-lightning
 CVE-2024-8018 (A vulnerability in imartinez/privategpt version 0.5.0 allows 
for a Den ...)
        NOT-FOR-US: imartinez/privategpt
 CVE-2024-8017 (An XSS vulnerability exists in open-webui/open-webui versions 
<= 0.3.8 ...)
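Review bot: The NOT-FOR-US names added in this hunk are spelled inconsistently. CVE-2024-8027 and CVE-2024-8026 get `netease-youdao/QAnything` while CVE-2024-8024 gets `netease-youdao/qanything`, and CVE-2024-8020 and CVE-2024-8019 get a bare `pytorch-lightning` where the neighbouring entries carry the owner prefix (`danswer-ai/danswer`, `imartinez/privategpt`). Suggest one spelling per project, for example `netease-youdao/QAnything` on all three and `lightning-ai/pytorch-lightning` as written in the CVE descriptions, so a case-sensitive search of the list by project name finds every entry.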
@@ -492,7 +492,7 @@ CVE-2024-12759 (In bentoml/bentoml version 1.3.9, the 
`/login` endpoint of the n
 CVE-2024-12720 (A Regular Expression Denial of Service (ReDoS) vulnerability 
was ident ...)
        TODO: check
 CVE-2024-12704 (A vulnerability in the LangChainLLM class of the 
run-llama/llama_index ...)
-       TODO: check
+       NOT-FOR-US: run-llama/llama_index
 CVE-2024-12580 (A vulnerability in danny-avila/librechat prior to version 
0.7.6 allows ...)
        NOT-FOR-US: danny-avila/librechat
 CVE-2024-12537 (In version 0.3.32 of open-webui/open-webui, the absence of 
authenticat ...)
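Review bot: CVE-2024-12720, the context entry directly above the changed line, still reads `TODO: check` after this hunk while CVE-2024-12704 next to it is resolved. If that one was left pending on purpose, a short note in the commit message would help; otherwise it should be triaged in the same pass, since the one-word message "NFUs" does not say which entries were deliberately skipped.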



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dd6b442e25bf4b6f7e7f65116011012cbf27970



_______________________________________________
debian-security-tracker-commits mailing list