31 matches found
SUSE CVE-2026-7020
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...
Ollama is Vulnerable to Path Traversal
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...
GHSA-X99G-8V8J-25J2 Ollama is Vulnerable to Path Traversal
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...
CVE-2026-7020
CVE-2026-7020 affects Ollama up to version 0.20.2. The vulnerability lies in the digestToPath function (x/imagegen/transfer/transfer.go) where manipulating the digest enables path traversal. The attack can be performed remotely and is described as high complexity with a documented PoC/exploit. Co...
CVE-2026-7020
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...
PT-2026-35201
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...
CVE-2026-33312 Read-only Vikunja users can delete project background images via broken object-level authorization
Vikunja is an open-source self-hosted task management platform. Starting in version 0.20.2 and prior to version 2.2.0, the DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delet...
litestar-ormar (>=0.0.1 <=0.0.6) potentially affected by CVE-2026-27953 via ormar (=0.20.2)
ormar PYPI version =0.20.2 is affected by a known vulnerability. The following packages have a transitive dependency on ormar and may be impacted: - litestar-ormar >=0.0.1, <=0.0.6 Source cves: CVE-2026-27953 Source advisory: OSV:GHSA-F964-WHRQ-44H8...
External Secrets Security Vulnerabilities
External Secrets is an open-source Kubernetes-related application developed by External Secrets. There were security vulnerabilities in versions 0.20.2 to 1.2.0 of External Secrets. These vulnerabilities stemmed from the getSecretKey template function, which allowed access to secrets across...
MiracleLinux 9 : LibRaw-0.20.2-6.el9 (AXSA:2023-6676:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6676:01 advisory. LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets in src/libraw_datastream.cpp (CVE-2021-32142). Tenable has extracted the preceding description bloc...
CLEANSTART-2025-JL63399 Security fixes for CVE-2025-61729 applied in versions: 0.20.2-r1
Security vulnerability affects the trust-manager package. This issue is resolved in later releases. See references for CVE details...
Moderate: Red Hat Security Advisory: Submariner v0.20.2 security fixes and container updates
Submariner v0.20.2 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization when operator-imposed boundlocations restrictions are in effect, due to missing validation of Azure-issued JWTs against vmname or vmssname values. A user can bypass the intended geographic restrictions by...
DEBIAN-CVE-2025-32699
Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2...
GHSA-5PGG-2G8V-P4X9 SheetJS Regular Expression Denial of Service (ReDoS)
SheetJS Community Edition before 0.20.2 is vulnerable to Regular Expression Denial of Service (ReDoS). A non-vulnerable version cannot be found via npm, as the repository hosted on GitHub and the npm package xlsx are no longer maintained. Version 0.20.2 can be downloaded via https://cdn.sheetjs.com...
CVE-2024-22363
SheetJS Community Edition before 0.20.2 is vulnerable to Regular Expression Denial of Service (ReDoS)...
SheetJS Security Vulnerability
SheetJS is a parser and writer for various spreadsheet formats. A security vulnerability exists in SheetJS Community Edition prior to version 0.20.2 that stems from vulnerability to regular expression denial of service attacks...
CVE-2024-22363
SheetJS Community Edition before 0.20.2 is vulnerable to Regular Expression Denial of Service (ReDoS)...
CVE-2024-22363
SheetJS Community Edition before 0.20.2 is vulnerable to Regular Expression Denial of Service (ReDoS) caused by an inefficient regular expression. Impact is resource exhaustion (high) as stated in the CVE entry with CVSSv3.1: 7.5 (Network attack, no user interaction, all else unchanged; availabil...
PT-2024-19365 · Unknown · Sheetjs Community Edition
Name of the Vulnerable Software and Affected Versions: SheetJS Community Edition versions prior to 0.20.2 Description: The issue is related to a Regular Expression Denial of Service ReDoS in the SheetJS Community Edition. It is estimated that over 2,000,000 devices are potentially affected due to...