Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning

November 4, 2024 at 09:45AM Cybersecurity researchers identified six vulnerabilities in the Ollama AI framework, enabling attacks like denial-of-service, model poisoning, and theft. Two unresolved issues remain unpatched, emphasizing the need for users to restrict internet exposure of certain endpoints. Of 9,831 instances analyzed, one in four is vulnerable. ### Meeting Takeaways – Cybersecurity Vulnerabilities … Read more

Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool

June 24, 2024 at 10:24AM Cybersecurity researchers disclosed a security flaw, CVE-2024-37032, affecting the Ollama open-source AI platform, enabling remote code execution. The issue was fixed in version 0.1.34. Exploiting the vulnerability involves manipulating HTTP requests. In default Linux installations, the risk is lowered, but Docker deployments are at high risk. Wiz identified over 1,000 … Read more