Ollama

Ollama

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-66959

Exploit
  • EPSS 0.28%
  • Veröffentlicht 21.01.2026 00:00:00
  • Zuletzt bearbeitet 02.02.2026 17:27:47

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder

7.5

CVE-2025-66960

Exploit
  • EPSS 0.28%
  • Veröffentlicht 21.01.2026 00:00:00
  • Zuletzt bearbeitet 02.02.2026 17:27:26

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata

7.5

CVE-2025-15514

Exploit
  • EPSS 0.09%
  • Veröffentlicht 12.01.2026 23:03:52
  • Zuletzt bearbeitet 21.01.2026 17:52:04

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to ...

9.8

CVE-2025-63389

  • EPSS 0.18%
  • Veröffentlicht 18.12.2025 00:00:00
  • Zuletzt bearbeitet 22.01.2026 18:16:43

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform un...

6.6

CVE-2025-44779

  • EPSS 0.03%
  • Veröffentlicht 07.08.2025 00:00:00
  • Zuletzt bearbeitet 14.08.2025 20:00:57

An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.

6.9

CVE-2025-51471

Exploit
  • EPSS 0.03%
  • Veröffentlicht 22.07.2025 00:00:00
  • Zuletzt bearbeitet 17.10.2025 18:15:36

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endp...

7.5

CVE-2025-1975

Exploit
  • EPSS 0.18%
  • Veröffentlicht 16.05.2025 08:25:57
  • Zuletzt bearbeitet 24.06.2025 16:40:44

A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloadin...

7.5

CVE-2024-8063

Exploit
  • EPSS 0.25%
  • Veröffentlicht 20.03.2025 10:10:56
  • Zuletzt bearbeitet 13.05.2025 13:28:05

A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for `block_count` in the Modelfile. This can lead to a denial of service (DoS) condition when the server pr...

7.5

CVE-2025-0312

Exploit
  • EPSS 0.23%
  • Veröffentlicht 20.03.2025 10:10:53
  • Zuletzt bearbeitet 28.03.2025 14:11:12

A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a...

7.5

CVE-2024-12886

  • EPSS 0.14%
  • Veröffentlicht 20.03.2025 10:10:28
  • Zuletzt bearbeitet 15.10.2025 13:15:41

An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the `ollama` server crashing. The vulnerability is ...