Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
131a490a by Salvatore Bonaccorso at 2025-03-20T22:38:48+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -296,7 +296,7 @@ CVE-2024-8063 (A divide by zero vulnerability exists in 
ollama/ollama version v0
 CVE-2024-8062 (A vulnerability in the typeahead endpoint of h2oai/h2o-3 
version 3.46. ...)
        TODO: check
 CVE-2024-8061 (In version 3.23.0 of aimhubio/aim, certain methods that request 
data f ...)
-       TODO: check
+       NOT-FOR-US: aimhubio/aim
 CVE-2024-8060 (OpenWebUI version 0.3.0 contains a vulnerability in the audio 
API endp ...)
        NOT-FOR-US: OpenWebUI
 CVE-2024-8057 (In version 0.4.1 of danswer-ai/danswer, a vulnerability exists 
where a ...)
@@ -624,37 +624,37 @@ CVE-2024-10940 (A vulnerability in langchain-core 
versions >=0.1.17,<0.1.53, >=0
 CVE-2024-10935 (automatic1111/stable-diffusion-webui version 1.10.0 contains a 
vulnera ...)
        NOT-FOR-US: automatic1111/stable-diffusion-webui
 CVE-2024-10912 (A Denial of Service (DoS) vulnerability exists in the file 
upload feat ...)
-       TODO: check
+       NOT-FOR-US: lm-sys/fastchat
 CVE-2024-10908 (An open redirect vulnerability in lm-sys/fastchat Release 
v0.2.36 allo ...)
-       TODO: check
+       NOT-FOR-US: lm-sys/fastchat
 CVE-2024-10907 (In lm-sys/fastchat Release v0.2.36, the server fails to handle 
excessi ...)
-       TODO: check
+       NOT-FOR-US: lm-sys/fastchat
 CVE-2024-10906 (In version 0.6.0 of eosphoros-ai/db-gpt, the `uvicorn` app 
created by  ...)
-       TODO: check
+       NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10902 (In eosphoros-ai/db-gpt version v0.6.0, the web API `POST 
/v1/personal/ ...)
-       TODO: check
+       NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10901 (In eosphoros-ai/db-gpt version v0.6.0, the web API `POST 
/api/v1/edito ...)
-       TODO: check
+       NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10835 (In eosphoros-ai/db-gpt version v0.6.0, the web API `POST 
/api/v1/edito ...)
-       TODO: check
+       NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10834 (eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in 
the RAG- ...)
-       TODO: check
+       NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10833 (eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an 
arbitrary file w ...)
-       TODO: check
+       NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10831 (In eosphoros-ai/db-gpt version 0.6.0, the endpoint for 
uploading files ...)
-       TODO: check
+       NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10830 (A Path Traversal vulnerability exists in the 
eosphoros-ai/db-gpt versi ...)
-       TODO: check
+       NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10829 (A Denial of Service (DoS) vulnerability in the multipart 
request bound ...)
-       TODO: check
+       NOT-FOR-US: eosphoros-ai/db-gpt
 CVE-2024-10821 (A Denial of Service (DoS) vulnerability in the multipart 
request bound ...)
-       TODO: check
+       NOT-FOR-US: Invoke-AI
 CVE-2024-10819 (A Cross-Site Request Forgery (CSRF) vulnerability in version 
3.83 of b ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10812 (An open redirect vulnerability exists in 
binary-husky/gpt_academic ver ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10762 (In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ 
endpoint ...)
-       TODO: check
+       NOT-FOR-US: lunary-ai/lunary
 CVE-2024-10727 (A reflected cross-site scripting (XSS) vulnerability exists in 
phpipam ...)
        TODO: check
 CVE-2024-10725 (A stored cross-site scripting (XSS) vulnerability exists in 
phpipam/ph ...)
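Review bot: CVE-2024-10829 and CVE-2024-10821 show the same truncated description ("A Denial of Service (DoS) vulnerability in the multipart request bound ...") yet are tagged with different projects, "NOT-FOR-US: eosphoros-ai/db-gpt" and "NOT-FOR-US: Invoke-AI". The visible text names neither project, so each attribution should be confirmed against the full CVE record before merging; the same goes for CVE-2024-10912, whose visible description does not mention lm-sys/fastchat. As a style point, "Invoke-AI" is the only tag added in this hunk that is not written in owner/repo form, which makes it harder to find with the same search as the other entries.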
@@ -674,21 +674,21 @@ CVE-2024-10719 (A stored cross-site scripting (XSS) 
vulnerability exists in phpi
 CVE-2024-10718 (In phpipam/phpipam version 1.5.1, the Secure attribute for 
sensitive c ...)
        TODO: check
 CVE-2024-10714 (A vulnerability in binary-husky/gpt_academic version 3.83 
allows an at ...)
-       TODO: check
+       NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-10713 (A vulnerability in szad670401/hyperlpr v3.0 allows for a 
Denial of Ser ...)
        TODO: check
 CVE-2024-10707 (gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by 
a local  ...)
-       TODO: check
+       NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
 CVE-2024-10650 (An unauthenticated Denial of Service (DoS) vulnerability was 
identifie ...)
-       TODO: check
+       NOT-FOR-US: ChuanhuChatGPT
 CVE-2024-10648 (A path traversal vulnerability exists in the Gradio Audio 
component of ...)
-       TODO: check
+       NOT-FOR-US: Gradio
 CVE-2024-10624 (A Regular Expression Denial of Service (ReDoS) vulnerability 
exists in ...)
-       TODO: check
+       NOT-FOR-US: Gradio
 CVE-2024-10572 (In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command 
exposes classe ...)
        TODO: check
 CVE-2024-10569 (A vulnerability in the dataframe component of 
gradio-app/gradio (versi ...)
-       TODO: check
+       NOT-FOR-US: Gradio
 CVE-2024-10553 (A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 
allows u ...)
        TODO: check
 CVE-2024-10550 (A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 
version ...)
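Review bot: CVE-2024-10707 and CVE-2024-10650 are given two different spellings on adjacent entries, "NOT-FOR-US: gaizhenbiao/chuanhuchatgpt" and "NOT-FOR-US: ChuanhuChatGPT". If both refer to the same project, use one spelling so that a search on the tag returns every entry for it. The same point applies to CVE-2024-10569, whose description names gradio-app/gradio while the tag reads "Gradio"; the other tags added in this hunk (for example "binary-husky/gpt_academic") use the owner/repo form.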



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/131a490ae4c689019e2ec19748955fed2e2659c2



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits