Cvelist
added 2025/09/04 11:50 p.m., 8 views

CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security

ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). In versions 2.0.0 through 2.1.0, refreshing shares with a smaller min_signers will reduce the security of the group. The inability to change min_signers, i.e. the threshold, with the refresh share functionality...

CVSS 6, EPSS 0.00267
Exploits 0, References 3

OSV
added 2025/09/04 11:50 p.m., 5 views

CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security

ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). In versions 2.0.0 through 2.1.0, refreshing shares with a smaller min_signers will reduce the security of the group. The inability to change min_signers, i.e. the threshold, with the refresh share functionality...

CVSS 6, AI score 6.5, EPSS 0.00267
Exploits 0, References 5

Microsoft CVE
added 2025/09/04 8:48 a.m., 4 views

tls: always refresh the queue when reading sock

...

CVSS 7.8, AI score 7, EPSS 0.00152
Exploits 0

Positive Technologies
added 2025/09/04 12:00 a.m., 9 views

PT-2025-36104

Name of the Vulnerable Software and Affected Versions: ZF FROST versions 2.0.0 through 2.1.0
Description: ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). Refreshing shares with smaller min_signers values in versions 2.0.0 through 2.1.0 can reduce...

CVSS 6, AI score 6.4, EPSS 0.00267
Exploits 0, References 6

Github Security Blog
added 2025/09/03 9:29 p.m., 8 views

frost-core: refresh shares with smaller min_signers will reduce security of group

Impact: It was not clear that it is not possible to change min_signers, i.e. the threshold, with the refresh share functionality (frost_core::keys::refresh module). Using a smaller value would not decrease the threshold, and attempts to sign using a smaller threshold would fail. Additionally, after...

CVSS 6, AI score 6.9, EPSS 0.00267
Exploits 0, References 5, Affected Software 1

OSV
added 2025/09/03 9:29 p.m., 6 views

GHSA-WGQ8-VR6R-MQXM frost-core: refresh shares with smaller min_signers will reduce security of group

Impact: It was not clear that it is not possible to change min_signers, i.e. the threshold, with the refresh share functionality (frost_core::keys::refresh module). Using a smaller value would not decrease the threshold, and attempts to sign using a smaller threshold would fail. Additionally, after...

CVSS 6, AI score 6.9, EPSS 0.00267
Exploits 0, References 5

Tenable Nessus
added 2025/08/31 12:00 a.m., 1 view

RHEL 9 : kpatch-patch-5_14_0-427_13_1, kpatch-patch-5_14_0-427_31_1, kpatch-patch-5_14_0-427_44_1, kpatch-patch-5_14_0-427_55_1, and kpatch-patch-5_14_0-427_68_2 (RHSA-2025:14811)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14811 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module ...

CVSS 7.8, AI score 7.4, EPSS 0.00152
Exploits 0, References 4

RedhatCVE
added 2025/08/30 6:21 p.m., 3 views

CVE-2025-50986

diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting (XSS) vulnerabilities in its administrative settings interface. Various configuration fields such as ES_HOST, ES_INDEXREFRESH, ES_PORT, ES_SCROLLSIZE, ES_TRANSLOGSIZE, ES_TRANSLOGSYNCINT, EXCLUDES_FILES, FILE_TYPES, ...

CVSS 5.6, AI score 6.1, EPSS 0.00224
Exploits 1, References 1

OSV
added 2025/08/28 7:36 p.m., 1 view

GHSA-3RW9-WMC8-8948 Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token

Summary: If users log in to Coder via OIDC, and the OpenID Identity Provider does not return a refresh token, then Coder may allow their web session to continue beyond the expiration of the token returned by the OpenID Identity Provider.
Details: When a user logs in via OIDC, Coder stores the OIDC...

CVSS 2.3, AI score 6.6
Exploits 0, References 3

Snyk
added 2025/08/28 7:36 p.m., 2 views

Use of a Key Past its Expiration Date

Overview: Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to improper enforcement of OIDC token expiry in the authentication process when no refresh token is provided. An attacker can maintain unauthorized access to the service by continuously using a...

CVSS 4.2, AI score 7
Exploits 0, References 2

Github Security Blog
added 2025/08/28 7:36 p.m., 7 views

Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token

Summary: If users log in to Coder via OIDC, and the OpenID Identity Provider does not return a refresh token, then Coder may allow their web session to continue beyond the expiration of the token returned by the OpenID Identity Provider.
Details: When a user logs in via OIDC, Coder stores the OIDC...

AI score 6.6
Exploits 0, References 3, Affected Software 1

Snyk
added 2025/08/28 7:36 p.m., 1 view

Use of a Key Past its Expiration Date

Overview: Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to improper enforcement of OIDC token expiry in the authentication process when no refresh token is provided. An attacker can maintain unauthorized access to the service by continuously using a...

CVSS 4.2, AI score 7
Exploits 0, References 2

RedHat Linux
added 2025/08/28 5:16 a.m., 12 views

kernel: tls: always refresh the queue when reading sock

In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock. After recent changes in net-next, TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if all skbs in the que...

CVSS 7.8, AI score 6.8, EPSS 0.00152
Exploits 0, References 5

OSV
added 2025/08/27 3:15 p.m., 6 views

CVE-2025-50986

diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting (XSS) vulnerabilities in its administrative settings interface. Various configuration fields such as ES_HOST, ES_INDEXREFRESH, ES_PORT, ES_SCROLLSIZE, ES_TRANSLOGSIZE, ES_TRANSLOGSYNCINT, EXCLUDES_FILES, FILE_TYPES, ...

CVSS 5.6, AI score 5.7
Exploits 0, References 1

Tenable Nessus
added 2025/08/25 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-19516

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv=REFRESH...

CVSS 5.3, AI score 5.7, EPSS 0.01104
Exploits 0, References 2

Tenable Nessus
added 2025/08/22 12:00 a.m., 15 views

AlmaLinux 9 : kernel (ALSA-2025:13962)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:13962 advisory. kernel: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type (CVE-2025-21867); microcode_ctl: From CVE.org collector (CVE-2024-28956); kernel: mm/hugetlb:...

CVSS 7.8, AI score 7.5, EPSS 0.00371
Exploits 0, References 10

Tenable Nessus
added 2025/08/20 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-52946

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication leve...

CVSS 8.8, AI score 5.8, EPSS 0.00473
Exploits 0, References 2

RedHat Linux
added 2025/08/19 9:59 a.m., 6 views

kernel: tls: always refresh the queue when reading sock

In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock. After recent changes in net-next, TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if all skbs in the que...

CVSS 7.8, AI score 6.8, EPSS 0.00152
Exploits 0, References 5

Tenable Nessus
added 2025/08/19 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-0985

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. T...

CVSS 8, AI score 7.8, EPSS 0.01465
Exploits 0, References 2

Tenable Nessus
added 2025/08/19 12:00 a.m., 2 views

RHEL 9 : kernel (RHSA-2025:14082)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14082 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: i2c/designware: Fix an...

CVSS 7.8, AI score 7.1, EPSS 0.00152
Exploits 0, References 5