7 matches found
Security Bulletin: This Power System update is being released to address CVE-2026-22796
Summary: This impacts the BMC administrator function to upload a certificate or firmware image. Uploading a malicious digitally-signed file may cause the BMC to become unavailable. Vulnerability Details: CVEID: CVE-2026-22796 DESCRIPTION: Issue summary: A type confusion vulnerability exists in the...
Security Bulletin: This Power System update is being released to address CVE-2026-22796
Summary: This impacts the FSP administrator function to upload a certificate or firmware image. Uploading a malicious digitally-signed file may cause the FSP to become unavailable. Vulnerability Details: CVEID: CVE-2026-22796 DESCRIPTION: Issue summary: A type confusion vulnerability exists in the...
Security Bulletin: This Power System update is being released to address CVE-2026-22796
Summary: PowerVM relies on OpenSSL to support a range of features, such as virtual TPM, LPM, and other functionalities that require cryptographic operations. This bulletin provides a remediation for the impacted vulnerability, CVE-2026-22796, by upgrading PowerVM and thus addressing the exposure to...
SUSE CVE-2026-22796
Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...
OpenSSL 3.5.0 < 3.5.5 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.5.5 advisory. - Issue summary: If an application using the SSL_CIPHER_find function in a QUIC protocol client or server receives an unknown cipher sui...
MiracleLinux 7 : openssl-1.0.2k-26.0.4.el7.AXS7 (AXSA:2025-10514:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10514:03 advisory. CVE-2019-1563: fix information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey. CVEs: CVE-2019-1563. In situations where an attacker receives automated...
OpenSSL PKCS7_dataDecode Function Denial of Service Vulnerability
OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. A security vulnerability exists in the 'PKCS7_dataDecode' function in the crypto/pkcs7/pk7_doit.c file of OpenSSL. A remote attacker ca...