1536 matches found

Github Security Blog
added 2 days ago | 4 views

nebula-mesh: Decrypted CA private key persists in heap after signing

internal/pki/resolver.go:36-64 constructs a CAManager with the plaintext ed25519.PrivateKey after unwrapping via the master key; internal/pki/ca.go:13-16 stores it. Callers at internal/api/enroll.go:116, internal/api/updates.go:297, and internal/api/mobilebundle.go:40 use the manager for one Sign...

5.3 AI score
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2026/06/05 12:0 a.m. | 9 views

Fedora 44 : rust-sequoia-cert-store / rust-sequoia-chameleon-gnupg / etc (2026-5c5f4f40a4)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-5c5f4f40a4 advisory. - Update the sequoia-wot crate to version 0.15.2. - Update the sequoia-keystore crate to version 0.7.3. This includes a rebuild of all dependent applications...

5.6 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2026/06/05 12:0 a.m. | 9 views

Fedora 43 : rust-sequoia-cert-store / rust-sequoia-chameleon-gnupg / etc (2026-ecfadb29a1)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-ecfadb29a1 advisory. - Update the sequoia-wot crate to version 0.15.2. - Update the sequoia-keystore crate to version 0.7.3. This includes a rebuild of all dependent applications...

5.6 AI score
Exploits: 0 | References: 1

Fedora
added 2026/05/27 1:27 a.m. | 8 views

[SECURITY] Fedora 43 Update: rust-sequoia-keystore-server-0.2.0-7.fc43

Sequoia keystore daemon...

5.8 AI score
Exploits: 0

Fedora
added 2026/05/27 1:12 a.m. | 7 views

[SECURITY] Fedora 42 Update: rust-sequoia-keystore-server-0.2.0-7.fc42

Sequoia keystore daemon...

5.5 CVSS | 5.8 AI score | 0.00007 EPSS
Exploits: 0

Fedora
added 2026/05/15 2:34 a.m. | 7 views

[SECURITY] Fedora 44 Update: rust-sequoia-keystore-server-0.2.0-7.fc44

Sequoia keystore daemon...

5.8 AI score
Exploits: 0

Apple
added 2026/03/24 12:0 a.m. | 21 views

About the security content of macOS Sequoia 15.7.5

About the security content of macOS Sequoia 15.7.5 This document describes the security content of macOS Sequoia 15.7.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

8.4 CVSS | 7.2 AI score | 0.00215 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

Apple
added 2026/03/24 12:0 a.m. | 14 views

About the security content of iOS 18.7.7 and iPadOS 18.7.7

About the security content of iOS 18.7.7 and iPadOS 18.7.7 About the security content of iOS 18.7.7 and iPadOS 18.7.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or release...

7.5 CVSS | 7.4 AI score | 0.00142 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

Fedora
added 2026/02/11 1:0 a.m. | 4 views

[SECURITY] Fedora 42 Update: rust-sequoia-keystore-server-0.2.0-6.fc42

Sequoia keystore daemon...

7.5 CVSS | 5.4 AI score | 0.00042 EPSS
Exploits: 1

Fedora
added 2026/02/10 1:34 a.m. | 4 views

[SECURITY] Fedora 43 Update: rust-sequoia-keystore-server-0.2.0-6.fc43

Sequoia keystore daemon...

7.5 CVSS | 5.4 AI score | 0.00042 EPSS
Exploits: 1

Fedora
added 2026/02/04 2:11 a.m. | 8 views

[SECURITY] Fedora 43 Update: rust-sequoia-keystore-server-0.2.0-5.fc43

Sequoia keystore daemon...

5.3 CVSS | 5.2 AI score | 0.00166 EPSS
Exploits: 0

Fedora
added 2026/02/04 2:5 a.m. | 7 views

[SECURITY] Fedora 42 Update: rust-sequoia-keystore-server-0.2.0-5.fc42

Sequoia keystore daemon...

5.3 CVSS | 5.2 AI score | 0.00166 EPSS
Exploits: 0

Tenable Nessus
added 2026/02/04 12:0 a.m. | 1 views

Fedora 43 : rust-sequoia-keystore-server / rust-sequoia-octopus-librnp / etc (2026-9317b8ea7b)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-9317b8ea7b advisory. Rebuild with sequoia-openpgp v2.1.0 to apply fixes for RUSTSEC-2025-0136 / CVE-2025-67897. Tenable has extracted the preceding description block directly fro...

5.3 CVSS | 5.5 AI score | 0.00166 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2026/02/04 12:0 a.m. | 3 views

Fedora: Security Advisory (FEDORA-2026-9317b8ea7b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS | 5.4 AI score | 0.00166 EPSS
Exploits: 0 | References: 3

NVD
added 2026/02/03 3:16 p.m. | 9 views

CVE-2026-1814

Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword method. When updating legacy keystore passwords, the application generates a new password with insufficient length 7-12 characters and a static prefix...

6.8 CVSS | 0.00007 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/03 2:54 p.m. | 6 views

CVE-2026-1814

Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword method. When updating legacy keystore passwords, the application generates a new password with insufficient length 7-12 characters and a static prefix...

6.8 CVSS | 5.5 AI score | 0.00007 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/02/03 2:54 p.m. | 8 views

CVE-2026-1814

CVE-2026-1814 affects Rapid7 Nexpose versions 6.4.50 and later. The root cause is an insufficient entropy issue in Password key generation: CredentialsKeyStorePassword.generateRandomPassword() creates passwords with insufficient length (7–12 chars) and a static prefix 'p', yielding a weak keyspac...

6.8 CVSS | 5.5 AI score | 0.00007 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/02/03 2:54 p.m. | 4 views

EUVD-2026-5222

Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword method. When updating legacy keystore passwords, the application generates a new password with insufficient length 7-12 characters and a static prefix...

7.5 CVSS | 5.5 AI score | 0.00007 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/02/03 2:54 p.m. | 25 views

CVE-2026-1814 Rapid7 Nexpose Insecure Java Keystore Password Generation

Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword method. When updating legacy keystore passwords, the application generates a new password with insufficient length 7-12 characters and a static prefix...

6.8 CVSS | 0.00007 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/03 2:54 p.m. | 3 views

CVE-2026-1814 Rapid7 Nexpose Insecure Java Keystore Password Generation

Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword method. When updating legacy keystore passwords, the application generates a new password with insufficient length 7-12 characters and a static prefix...

6.8 CVSS | 5.5 AI score | 0.00007 EPSS
Exploits: 0 | References: 1