Lucene search
K

7 matches found

Cvelist
Cvelist
added 2025/08/07 12:0 a.m.21 views

CVE-2025-44779

An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull...

0.00174EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.27 views

CVE-2025-0313

...

Exploits0
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.8 views

CVE-2025-0317 Divide By Zero in ollama/ollama

A vulnerability in ollama/ollama versions =0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Service DoS attack...

7.5CVSS7.5AI score0.13476EPSS
Exploits1References1
CVE
CVE
added 2024/10/31 12:0 a.m.116 views

CVE-2024-39720

CVE-2024-39720 affects Ollama prior to 0.1.46. An attacker can craft and send two HTTP requests to upload a malformed GGUF file (4 bytes) beginning with the GGUF header, using a malicious Modelfile that FROM-references an attacker-controlled blob file. This triggers a crash in the CreateModel rou...

8.2CVSS7AI score0.02479EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/10/31 12:0 a.m.26 views

CVE-2024-39720

An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file,...

0.02479EPSS
Exploits1References2
CVE
CVE
added 2024/10/31 12:0 a.m.111 views

CVE-2024-39722

CVE-2024-39722 affects Ollama prior to 0.1.46. A path traversal in the /api/push route can disclose which files exist on the server (information disclosure). The issue has been referenced across multiple feeds (Red Hat, NVD, SUSE, OSS/OSV) and is graded CVSSv3.1 v3.1 with a base score of 7.5 (Hig...

7.5CVSS7AI score0.03938EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2024/10/31 12:0 a.m.12 views

CVE-2024-39721

An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely even after the HTTP request is aborted...

7.5CVSS6.8AI score0.02683EPSS
Exploits1References5
Rows per page
Query Builder