Moderate: java-17-openjdk security update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: JDK: Better TLS connection support CVE-2025-21587 JDK: Improve compiler transformations CVE-2025-30691 JDK: Enhance Buffered Image handling CVE-2025-30698...

Moderate: java-21-openjdk security update

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Better TLS connection support CVE-2025-21587 JDK: Improve compiler transformations CVE-2025-30691 JDK: Enhance Buffered Image handling CVE-2025-30698 For...

RHEL 9 : libxslt (RHSA-2025:3613)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3613 advisory. libxslt is a library for transforming XML files into other textual formats including HTML, plain text, and other XML representations of the underlyin...

RHEL 8 : libxslt (RHSA-2025:3625)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3625 advisory. libxslt is a library for transforming XML files into other textual formats including HTML, plain text, and other XML representations of the...

firefox: thunderbird: Use-after-free triggered by XSLTProcessor

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...

ALSA-2025:3615 Important: libxslt security update

libxslt is a library for transforming XML files into other textual formats including HTML, plain text, and other XML representations of the underlying data using the standard XSLT stylesheet transformation mechanism. Security Fixes: libxslt: Use-After-Free in libxslt numbers.c CVE-2025-24855...

CVE-2025-29069

A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations. NOTE: this is disputed by the Supplier because the finding identified a bug in a...

UBUNTU-CVE-2025-29069

A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations...

CVE-2025-29069

A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations. NOTE: this is disputed by the Supplier because the finding identified a bug in a...

CVE-2025-29069

A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations. NOTE: this is disputed by the Supplier because the finding identified a bug in a...

CVE-2025-29069

CVE-2025-29069 : A heap buffer overflow vulnerability is described in Little CMS (lcms2) version 2.16, located in the UnrollChunkyBytes function of cmspack.c which handles color space transformations. The supplier disputes the finding, stating the bug is in a third‑party calling program, not in l...

CVE-2025-30225

Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...

Directus's S3 assets become unavailable after a burst of malformed transformations

Summary When making many malformed transformation requests at once, at some point, all assets are being served as 403. Details When I was investigating this issue, I have found that after a burst of malformed asset transformation requests, the amount of sockets held on Agent on NodeHttpHandler wa...

CVE-2025-30225

Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...

CVE-2025-30225 Directus's S3 assets become unavailable after a burst of malformed transformations

Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...

CVE-2025-30225 Directus's S3 assets become unavailable after a burst of malformed transformations

Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...

CVE-2025-30225

The CVE affects Directus users via the @directus/storage-driver-s3 driver: versions 9.22.0 up to 11.5.0 (paired Directus 9.22.0 to 11.5.0) are vulnerable to asset unavailability after a burst of malformed transformation requests, causing all assets to return 403 under load. The issue is fixed in ...

CVE-2025-30225 Directus's S3 assets become unavailable after a burst of malformed transformations

Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...

[SECURITY] Fedora 40 Update: libxslt-1.1.43-1.fc40

This C library allows to transform XML files into other XML files or HTML, text, ... using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 =3D 2.6.27 installed. The xsltproc command is a command line interface to the XSLT engine...

CVE-2025-27097

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...