MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.482.b08-1.el8 (AXSA:2026-109:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-109:02 advisory. JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945...

MAL-2025-6149 Malicious code in api-key-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0a88a62f8ea00d632d4e82aaad35c4ba5fc30f8c8974e967235a721edb9df9c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in api-key-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0a88a62f8ea00d632d4e82aaad35c4ba5fc30f8c8974e967235a721edb9df9c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

SUSE CVE-2022-45047

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys ...

GHSA-FHW8-8J55-VWGQ Unsafe deserialization in Apache MINA SSHD

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys ...

Deserialization of untrusted data

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys ...

Citrix Federated Authentication Service (FAS) Security Update

An issue has been identified in Citrix Federated Authentication Service FAS which causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module TPM to incorrectly store that key in the Microsoft Software Key Storage Provider...

GHSA-4PH2-8337-HM62 Key Caching behavior in the DynamoDB Encryption Client.

Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...

Encrypt - Moderately Critical - Weak Encryption - SA-CONTRIB-2015-166

This module enables you to encrypt data within Drupal using a user-configurable encryption method and key provider. The module did not sufficiently validate good configurations and api usage resulting in multiple potential weaknesses depending on module usage. The default encryption method could...