GHSA-27W2-87XV-37C6 nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

Impact A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a TaggedSigned with a signature field whose byte length is not exactly 64. When the victim node's DHT verifier calls TaggedSigned::verify, execution reaches...

ROOT-APP-MAVEN-CVE-2025-11226 CVE-2025-11226 in io.root.ch.qos.logback:logback-core - Patched by Root

Root has patched CVE-2025-11226 in the io.root.ch.qos.logback:logback-core package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-GHSA-2M67-WJPJ-XHG9 GHSA-2m67-wjpj-xhg9 in io.root.tools.jackson.core:jackson-core - Patched by Root

Root has patched GHSA-2m67-wjpj-xhg9 in the io.root.tools.jackson.core:jackson-core package for Root:Maven. Multiple fixed versions available...

jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion

Summary The UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constraint default: 500 defined in StreamReadConstraints. A similar issue was found in ReaderBasedJsonParser. This allows a user to supply a JSON document with excessive...

UBUNTU-CVE-2022-48838

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: Fix use-after-free bug by not setting udc-dev.driver The syzbot fuzzer found a use-after-free bug: BUG: KASAN: use-after-free in devuevent+0x712/0x780 drivers/base/core.c:2320 Read of size 8 at addr ffff88802b934098 ...

keycloak-core: open redirect via "form_post.jwt" JARM response mode

An incomplete fix was found in Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode "formpost.jwt". It is observed that changing the responsemode parameter in the original proof of concept from "formpost" to "formpost.jwt...

Hackers Actively Exploiting Latest Drupal RCE Flaw Published Last Week

Cybercriminals have actively started exploiting an already patched security vulnerability in the wild to install cryptocurrency miners on vulnerable Drupal websites that have not yet applied patches and are still vulnerable. Last week, developers of the popular open-source content management syst...

Solaris 10 (sparc) : 138826-12

SunOS 5.10: PostgreSQL 8.3 core patch. Date this patch was last updated by Sun : Mar/29/13 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Solaris 10 (x86) : 124582-08

commcli 7.0-8.00x86: core patch. Date this patch was last updated by Sun : Nov/06/13 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Solaris 10 (x86) : 137632-17

Sun Convergence 1.0-17.01x86: core patch. Date this patch was last updated by Sun : Jun/24/11 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Solaris 10 (sparc) : 137204-33

Messaging Server 64bit 7.0.5.33.0: core patch. Date this patch was last updated by Sun : Sep/15/14 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Unbreakable Enterprise kernel security update

2.6.39-400.283.1 - atl2: Disable unimplemented scatter/gather feature Ben Hutchings Orabug: 23703990 CVE-2016-2117 - mlx4core: add module parameter to disable background init Mukesh Kacker Orabug: 23292107 - NFSv4: Don't decode fslocations if we didn't ask for them... Trond Myklebust Orabug:...

Solaris 10 (sparc) : 142785-17 (deprecated)

Oracle Communications Calendar Server 7u5-17.22: core patch. Date this patch was last updated by Sun : Feb/21/15 This plugin has been deprecated and either replaced with individual 142785 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

HP-UX PHSS_41363 : s700_800 11.X OV DP6.11 HP-UX PA-Risc - Core patch

s700800 11.X OV DP6.11 HP-UX PA-Risc - Core patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. HPSBMA0263...

Solaris 9 (x86) : 116569-99

Messaging Server 6.1x86: core patch. Date this patch was last updated by Sun : Feb/09/05 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if descriptio...

Solaris 10 (x86) : 121658-54 (deprecated)

Calendar Server SunOS 5.9x86 5.10x86: Core patch. Date this patch was last updated by Sun : Aug/14/13 This plugin has been deprecated and either replaced with individual 121658 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED...

Solaris 9 (x86) : 121658-54

Calendar Server SunOS 5.9x86 5.10x86: Core patch. Date this patch was last updated by Sun : Aug/14/13 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; ...

Solaris 9 (sparc) : 126105-42

Sun Cluster 3.2: CORE patch for Solaris 9. Date this patch was last updated by Sun : Apr/27/10 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Solaris 9 (x86) : 120229-45

Messaging Server 6.3-16.01x86: core patch. Date this patch was last updated by Sun : Nov/30/11 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Solaris 9 (sparc) : 122793-36

Sun Java System Communications Express 6.3-23.01: core patch. Date this patch was last updated by Sun : Jun/25/12 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...