31680 matches found
Security update for MozillaFirefox, MozillaFirefox-branding-SLE
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: This is the Firefox Extended Support Release 140.0esr ESR Major changes: General: Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacing, and text alignment...
SUSE-SU-2025:02339-1 Security update for MozillaFirefox, MozillaFirefox-branding-SLE
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: This is the Firefox Extended Support Release 140.0esr ESR Major changes: General: - Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacing, and text alignment...
OSV-2025-547 Security exception in com.alibaba.fastjson2.JSONReader.readArray
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=431584944 Crash type: Security exception Crash state: com.alibaba.fastjson2.JSONReader.readArray java.base/java.nio.charset.CharsetEncoder. java.base/java.nio.charset.CharsetEncoder...
CVE-2025-44003
Missing Release of Resource after Effective Lifetime CWE-772 in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled. This issue affects T-Series Readers: 9.20 prior to vCR9.20.250213a...
Expected Behavior Violation
Overview llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to Expected Behavior Violation via the DocugamiReader class. An attacker can cause loss of important document content, disrupt parent-child chunk hierarchies, and lead to inaccurate AI...
DEBIAN-CVE-2025-38267
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not trigger WARN_ON due to a commit_overrun When reading a memory mapped buffer the reader page is just swapped out with the last page written in the write buffer. If the reader page is the same as the commit buffer...
CVE-2025-44003
CVE-2025-44003 affects Gallagher T-Series Reader. A CWE-772 resource leak in the reader allows a limited denial of service when 125 kHz Card Technology is enabled, exploitable by someone with physical access. Affected versions include: prior to 9.20.250213a, prior to 9.10.250213a, prior to 9.00.2...
Gallagher T-Series Reader security vulnerability
The Gallagher T-Series Reader is a card reader in an access control system from Gallagher of New Zealand. A security vulnerability exists in the Gallagher T-Series Reader that stems from improper resource release and could lead to a denial of service attack. The following versions are affected:...
Medium: apache-commons-io
Issue Overview: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are...
PT-2025-28973 · Gallagher · Gallagher T-Series Reader
Name of the Vulnerable Software and Affected Versions: Gallagher T-Series Reader versions prior to 9.20.250213a Gallagher T-Series Reader versions prior to 9.10.250213a Gallagher T-Series Reader versions prior to 9.00.250619a Gallagher T-Series Reader versions 8.90 and earlier Description: A...
Expected Behavior Violation
Overview llama-index-readers-papers is a llama-index readers papers integration Affected versions of this package are vulnerable to Expected Behavior Violation via the ArxivReader process. An attacker can cause data loss by uploading papers with identical titles but different contents, resulting ...
Directory Traversal
Overview llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to Directory Traversal via the ObsidianReader process. An attacker can access arbitrary files outside the intended directory by creating symbolic links that point to sensitive files,...
Directory Traversal
Overview llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to Directory Traversal via the load_data method in the ObsidianReader class. An attacker can access sensitive system files by exploiting hardlinks to bypass path restrictions. Details A...
Uncontrolled Recursion
Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONReader process. An attacker can cause the application to crash by submitting deeply nested JSON structures, resulting in a stack overflow and...
Uncontrolled Recursion
Overview llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONReader process. An attacker can cause the application to crash by submitting deeply nested JSON structures, resulting in a stack overflow and...
LlamaIndex security vulnerability
LlamaIndex is an open-source data framework for LLM applications. A security vulnerability exists in LlamaIndex 0.12.22.post1 and earlier versions, which stems from an MD5 hash collision when generating filenames in the ArxivReader class and could lead to data loss...
Vulnerabilities fixed in Adobe Acrobat Reader
Adobe has fixed vulnerabilities in Acrobat Reader, specifically for versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier. The vulnerabilities include a Use After Free, out-of-bounds write, out-of-bounds read and NULL Pointer Dereference. These vulnerabilities can lead to the execution of...