PT-2026-46036

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Certain physical adapters on Power systems fail to support segmentation offload when the Maximum Segment Size MSS is less than 224 bytes. When the hardware attempts to perform segmentati...

Security Bulletin: This Power System update is being released to address CVE-2026-22796

Summary This impacts the FSP administrator function to upload a certificate or firmware image. Uploading a malicious digitally-signed file may cause the FSP the become unavailable. Vulnerability Details CVEID:CVE-2026-22796 DESCRIPTION: Issue summary: A type confusion vulnerability exists in the...

CVE-2026-26289

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...

CVE-2026-35555 Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups...

Security Bulletin: This Power System update is being released to address CVE-2025-38556

Summary The affects the Universal Serial Bus USB ports of the system's management interface. Vulnerability Details CVEID:CVE-2025-38556 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzz...

Security Bulletin: This Power System update is being released to address CVE-2025-38556

Summary This affects the system management Universal Serial Bus USB interface. Vulnerability Details CVEID:CVE-2025-38556 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzzer showed that...

CVE-2025-36194 This Power System update is being released to address

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations...

CVE-2025-36194

Summary: CVE-2025-36194 affects IBM PowerVM Hypervisor. The hypervisor may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations. Affected versions: PowerVM Hypervisor FW1110.00–FW1110.03, FW1060.00–FW1060.51, and FW950.00–FW950....

Security Bulletin: This Power System update is being released to address CVE-2025-52497

Summary When Linux Secure Boot is enabled, a malformed public key certificate in the grubdb or grubdbx can cause a DoS blocking Linux partition boot or make a limited amount of partition memory available. Vulnerability Details CVEID:CVE-2025-52497 DESCRIPTION: Mbed TLS before 3.6.4 has a PEM...

Security Bulletin: This Power System update is being released to address CVE-2025-49087

Summary Mbed-TLS is used by partition firmware for Linux secure boot. This update is being released to mitigate any potential impacts to Linux partitions with secure boot enabled. Vulnerability Details CVEID:CVE-2025-49087 DESCRIPTION: In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing...

Security Bulletin: This Power System update is being released to address CVE-2025-36238

Summary If an attacker is able to gain system administrator access a Virtual TPM can be compromised through the use of a series of PowerVM service procedures. Vulnerability Details CVEID:CVE-2025-36238 DESCRIPTION: IBM PowerVM Hypervisor could allow a local user with administration privileges to...

MiracleLinux 7 : glibc-2.17-106.el7.4 (AXSA:2016-096:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-096:01 advisory. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as t...

EUVD-2021-16321

Malware in sbrugna...

CVE-2025-42958

Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities. This results in a high impact on the...

Security Bulletin: This Power System update is being released to address CVE-2023-1206

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2023-1206, by upgrading PowerVM and thus addressing the exposure t...

Security Bulletin: This Power System update is being released to address CVE-2024-35857

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2024-35857, by upgrading PowerVM and thus addressing the exposure ...

Security Bulletin: This Power System update is being released to address CVE-2025-0395

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console and by the Runtime Processor Diagnostics in PowerVM. This bulletin provides a remediation for the impacted vulnerability, CVE-2025-0395, by...

CVE-2025-48059

PowSyBl Power System Blocks is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a a potential polynomial Regular Expression Denial of Service...

Security Bulletin: This Power System update is being released to address CVE-2025-0395

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console and by the Runtime Processor Diagnostics in PowerVM. This bulletin provides a remediation for the impacted vulnerability, CVE-2025-0395, by...

com.farao-community.farao:csa-runner-app (>=1.2.1 <=2.6.1), com.farao-community.farao:farao-crac-creator-cim (>=4.6.1 <=5.0.0) +41 more potentially affected by CVE-2025-47293 via com.powsybl:powsybl-cgmes-model (>=6.0.0-RC1 <=6.7.1)

com.powsybl:powsybl-cgmes-model MAVEN version =6.0.0-RC1, =1.2.1, =4.6.1, =4.6.1, =1.27.0, =1.27.0, =1.18.0, =1.18.0, =1.14.0, =1.18.0, =6.1.0, =5.0.1, =6.1.0, =5.0.1, =6.5.0 and more Source cves: CVE-2025-47293 Source advisory: SNYK:JAVA-COMPOWSYBL-10442133...