CVE-2026-0622

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

CVE-2026-0622

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

CVE-2026-0622 Open 5GS WebUI uses a hard-coded JWT signing key

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

MiracleLinux 7 : java-11-openjdk-11.0.11.0.9-1.el7 (AXSA:2021-1697:07)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1697:07 advisory. OpenJDK: Incomplete enforcement of JAR signing disabled algorithms 8249906 CVE-2021-2163 Tenable has extracted the preceding description block directly from...

MiracleLinux 9 : samba-4.17.5-103.el9.ML.1 (AXSA:2023-6312:10)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6312:10 advisory. samba: SMB2 packet signing is not enforced when server signing = required is set CVE-2023-3347 Tenable has extracted the preceding description block directly...

Open5GS security vulnerabilities

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Open5GS has a security vulnerability, which stems from the use of a hardcoded JWT signing key...

Open5GS WebUI uses a hard-coded secrets including JSON Web Token signing key

Overview The Open5GS WebUI component contains default hardcoded secrets used for security-sensitive operations, including JSON Web Token JWT signing. If these defaults are not changed, an attacker can forge valid authentication tokens and gain administrative access to the WebUI. This can result i...

MiracleLinux 8 : samba-4.17.5-3.el8.ML.1 (AXSA:2023-6311:09)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6311:09 advisory. samba: SMB2 packet signing is not enforced when server signing = required is set CVE-2023-3347 Tenable has extracted the preceding description block directly...

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.292.b10-0.el8 (AXSA:2021-1703:07)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1703:07 advisory. OpenJDK: Incomplete enforcement of JAR signing disabled algorithms 8249906 CVE-2021-2163 Tenable has extracted the preceding description block directly from...

MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.292.b10-1.el7 (AXSA:2021-1701:06)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1701:06 advisory. OpenJDK: Incomplete enforcement of JAR signing disabled algorithms 8249906 CVE-2021-2163 Tenable has extracted the preceding description block directly from...

MiracleLinux 8 : bind-9.11.20-5.el8 (AXSA:2021-1277:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1277:01 advisory. bind: asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c CVE-2020-8619 bind: truncated TSIG response can lead to ...

MiracleLinux 8 : java-11-openjdk-11.0.11.0.9-0.el8 (AXSA:2021-1704:08)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1704:08 advisory. OpenJDK: Incomplete enforcement of JAR signing disabled algorithms 8249906 CVE-2021-2163 Tenable has extracted the preceding description block directly from...

kernel security update

5.14.0-611.24.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

kernel security update

6.12.0-124.28.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...

MiracleLinux 4 : samba-3.6.23-45.AXS4 (AXSA:2017-2303:05)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2303:05 advisory. A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file...

kernel security update

4.18.0-553.94.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

CVE-2025-59870

HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk...

CVE-2025-59870 Improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk

HCL MyXalytics v6.7 is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk...

CVE-2025-59870

Summary: CVE-2025-59870 affects HCL MyXalytics web applications. The issue is improper management of a static JWT signing secret that is not rotated, creating a risk to confidentiality and integrity. The cited sources consistently describe the secret as static and non-rotated across multiple feed...

MiracleLinux 4 : samba4-4.2.10-11.AXS4 (AXSA:2017-2304:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2304:03 advisory. It was found that samba did not enforce SMB signing when certain configuration options were enabled. A remote attacker could launch a...