Lucene search
K

7 matches found

OSV
OSV
added 2025/07/22 9:31 p.m.16 views

GHSA-X9HG-5Q6G-Q3JR Ollama vulnerable to Cross-Domain Token Exposure

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint...

6.9CVSS6.5AI score0.03837EPSS
Exploits2References6
OSV
OSV
added 2025/03/31 5:3 p.m.11 views

GO-2025-3559 Ollama Divide By Zero vulnerability in github.com/ollama/ollama

Ollama Divide By Zero vulnerability in github.com/ollama/ollama...

7.5CVSS6.7AI score0.13476EPSS
Exploits1References2
OSV
OSV
added 2025/03/31 5:3 p.m.15 views

GO-2025-3558 Ollama Allows Out-of-Bounds Read in github.com/ollama/ollama

Ollama Allows Out-of-Bounds Read in github.com/ollama/ollama...

7.5CVSS6.7AI score0.00822EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.16 views

Ollama Allows Out-of-Bounds Read

A vulnerability in Ollama versions =0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service DoS attack. The root cause of the issue is an...

7.5CVSS6.5AI score0.00822EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.6 views

PT-2025-12118 · Ollama · Ollama

Name of the Vulnerable Software and Affected Versions: Ollama versions =0.3.14 Description: A malicious user can create a customized gguf model file that can be uploaded to the public Ollama server, causing it to crash and leading to a Denial of Service DoS attack. The root cause of the issue is ...

7.5CVSS7.2AI score0.13476EPSS
Exploits5References14
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.4 views

PT-2025-12309 · Ollama · Ollama

Name of the Vulnerable Software and Affected Versions: ollama/ollama versions prior to 0.3.14 Description: The issue allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference...

9.6CVSS7.4AI score0.00872EPSS
Exploits2References20
OSV
OSV
added 2024/08/29 12:0 a.m.16 views

CVE-2024-45436

extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory...

9.1CVSS7.5AI score0.02581EPSS
Exploits2References4
Rows per page
Query Builder