Lucene search

9740 matches found

EUVD
added 2026/01/13 7:17 p.m. | 3 views

EUVD-2026-2022

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...

CVSS 8.7 | AI score 6.3 | EPSS 0.00037
Exploits: 0 | References: 7

OSV
added 2026/01/13 4:16 p.m. | 2 views

AZL-74357 CVE-2025-68798 affecting package kernel for versions less than 6.6.121.1-1

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Check event before enable to avoid GPF. On AMD machines cpuc->events[idx] can become NULL in a subtle race condition with NMI->throttle->x86_pmu_stop(). Check event for NULL in amd_pmu_enable_all() before enable to avoid a GPF. Th...

AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 1

UbuntuCve
added 2026/01/13 4:16 p.m. | 4 views

CVE-2025-68798

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Check event before enable to avoid GPF. On AMD machines cpuc->events[idx] can become NULL in a subtle race condition with NMI->throttle->x86_pmu_stop(). Check event for NULL in amd_pmu_enable_all() before enable to avoid a GPF. Th...

AI score 5.9 | EPSS 0.00036
Exploits: 0 | References: 26

OSV
added 2026/01/13 4:16 p.m. | 1 views

UBUNTU-CVE-2025-68798

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Check event before enable to avoid GPF. On AMD machines cpuc->events[idx] can become NULL in a subtle race condition with NMI->throttle->x86_pmu_stop(). Check event for NULL in amd_pmu_enable_all() before enable to avoid a GPF. Th...

AI score 5.7 | EPSS 0.00036
Exploits: 0 | References: 27

Cvelist
added 2026/01/13 3:29 p.m. | 18 views

CVE-2025-68798 perf/x86/amd: Check event before enable to avoid GPF

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Check event before enable to avoid GPF. On AMD machines cpuc->events[idx] can become NULL in a subtle race condition with NMI->throttle->x86_pmu_stop(). Check event for NULL in amd_pmu_enable_all() before enable to avoid a GPF. Th...

EPSS 0.00036
Exploits: 0 | References: 5

CVE
added 2026/01/13 3:29 p.m. | 13 views

CVE-2025-68798

CVE-2025-68798: Linux kernel AMD perf event hotpath GPF in amd_pmu_enable_all due to a race where cpuc->events[idx] could be NULL. The patch adds a NULL check in amd_pmu_enable_all() before enabling events to avoid a general protection fault (GPF). Public writeups in the connected OSV update c...

AI score 6 | EPSS 0.00036
Exploits: 0 | References: 5

AstraLinux
added 2026/01/13 2:1 p.m. | 4 views

Astra Linux - vulnerability in linux-6.12

In the Linux kernel, the following vulnerability has been resolved: iommu/amd/pgtbl: Fix possible race while increase page table level The AMD IOMMU host page table implementation supports dynamic page table levels up to 6 levels, starting with a 3-level configuration that expands based on IOVA...

CVSS 4.7 | AI score 6.8 | EPSS 0.00014
Exploits: 0 | References: 2

AstraLinux
added 2026/01/13 2:1 p.m. | 3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Ensure that the XFD state is preserved during signal delivery. Sean reported the following error when running KVM tests: WARNING: CPU: 232 PID: 15391 at xfd_validate_state+0x65/0x70 Call Trace: fpu__clear_user_states+0x9c/0x10...

AI score 5.2 | EPSS 0.00043
Exploits: 0 | References: 2

IBM Security Bulletins
added 2026/01/13 1:5 p.m. | 6 views

Security Bulletin: IBM B2B Advanced Communications is affected by vulnerability in XStream

Summary: IBM B2B Advanced Communications has addressed a vulnerability in the XStream library shipped with the product (CVE-2024-47072). Vulnerability Details: CVEID: CVE-2024-47072. DESCRIPTION: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote...

CVSS 7.5 | AI score 7.3 | EPSS 0.00261
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/01/13 12:43 p.m. | 5 views

Security Bulletin: IBM B2B Advanced Communications is affected by vulnerabilities in kjd/idna library

Summary: IBM B2B Advanced Communications has addressed vulnerabilities in the idna library shipped with the product (CVE-2024-3651). Vulnerability Details: CVEID: CVE-2024-3651. DESCRIPTION: A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version...

CVSS 7.5 | AI score 6.3 | EPSS 0.00675
Exploits: 1 | Affected Software: 1

Redos
added 2026/01/13 12:0 a.m. | 7 views

ROS-20260113-7360

A vulnerability in the drivers/gpu/drm/amd/display component of the Linux operating system kernel is related to synchronization errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 6.5 | EPSS 0.00018
Exploits: 0

Redos
added 2026/01/13 12:0 a.m. | 4 views

ROS-20260113-7330

A vulnerability in the dcn32_add_phantom_pipes function of the drivers/gpu/drm/amd/display/dc/dcn32/dcn32/dcn32_resource.c module of the Direct Rendering Infrastructure (DRI) support driver for AMD graphics cards in the Linux operating system kernel is related to pointer dereferencing. Exploitation of...

CVSS 5.5 | AI score 6.5 | EPSS 0.00012
Exploits: 0

Redos
added 2026/01/13 12:0 a.m. | 4 views

ROS-20260113-7305

A vulnerability in the dcn_bw_update_from_pplib_fclks function of the Direct Rendering Infrastructure (DRI) support driver for AMD graphics cards in the Linux operating system kernel is related to integer overflow or wraparound. Exploitation of the vulnerability could allow an attacker to cause a denia...

CVSS 5.5 | AI score 6.8 | EPSS 0.00042
Exploits: 0

Redos
added 2026/01/13 12:0 a.m. | 3 views

ROS-20260113-7335

A vulnerability in the dcn20_set_output_transfer_func function of the drivers/gpu/drm/amd/display/dc/dcn20/dcn20/dcn20_hwseq.c module of the Direct Rendering Infrastructure (DRI) support driver for AMD graphics cards in the Linux operating system kernel is related to pointer dereferencing. Exploitation ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00012
Exploits: 0

Tenable Nessus
added 2026/01/13 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-68798

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - perf/x86/amd: Check event before enable to avoid GPF. On AMD machines cpuc->events[idx] can become NULL in a subtle race condition with NMI->throttle->x86_pmu_stop(). Che...

AI score 6 | EPSS 0.00036
Exploits: 0 | References: 3

CNNVD
added 2026/01/13 12:0 a.m. | 3 views

Jervis cryptographic issue vulnerability

Jervis is an automation tool from the individual developer Sam Gleske. Versions of Jervis prior to 2.2 have a cryptographic issue vulnerability that stems from the lack of authentication in AES/CBC/PKCS5Padding, which makes it susceptible to padding oracle attacks and ciphertext manipulati...

CVSS 8.7 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 3

Redos
added 2026/01/13 12:0 a.m. | 4 views

ROS-20260113-7310

A vulnerability in the resource_build_bit_depth_reduction_params function of the Direct Rendering Infrastructure (DRI) support driver for AMD graphics cards in the Linux operating system kernel is related to pointer dereference. Exploitation of the vulnerability could allow an attacker to cause a denial...

CVSS 5.5 | AI score 6.5 | EPSS 0.00011
Exploits: 0

RedhatCVE
added 2026/01/09 12:42 p.m. | 5 views

CVE-2005-1866

Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter...

CVSS 4.3 | AI score 5.9 | EPSS 0.0043
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 12:37 p.m. | 7 views

CVE-2023-50975

The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking information...

CVSS 8.4 | AI score 7.5 | EPSS 0.00053
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:30 p.m. | 3 views

CVE-2023-40068

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative...

CVSS 5.4 | AI score 6.7 | EPSS 0.28345
Exploits: 0 | References: 1