Lucene search
K

29 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-55223

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a sink for deserialization...

6.3CVSS5.9AI score0.00284EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

UBUNTU-CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...

6.3CVSS5.7AI score0.00284EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-54435

Name of the Vulnerable Software and Affected Versions c3p0 versions prior to 0.14.0 Description c3p0, a JDBC Connection pooling library, can act as a sink for deserialization gadgets when used with other libraries. The DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection...

6.3CVSS5.8AI score0.00284EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:11 p.m.4 views

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

8.9CVSS7.4AI score0.00534EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 5:14 p.m.10 views

Security Bulletin: Due to the use of c3p0, IBM webMethods BPM is vulnerable to attack via maliciously crafted Java-serialized objects (CVE-2026-27830)

Summary IBM webMethods BPM includes the standalone utility which includes the vulnerable component c3p0. The tool operates as a standalone utility and is not part of the main runtime environments. Vulnerability Details CVEID:CVE-2026-27830 DESCRIPTION: c3p0, a JDBC Connection pooling library, is...

8.9CVSS6.1AI score0.00534EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 1:8 p.m.9 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727.

Summary IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-27727 DESCRIPTION:...

9.8CVSS6.1AI score0.00812EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 7:25 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727.

Summary IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-27830 DESCRIPTION: c3p0...

9.8CVSS6.2AI score0.00812EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/02 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-27830

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several...

8.9CVSS7.7AI score0.00534EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/02/26 3:13 a.m.7 views

be.yildiz-games:module-database-pool-c3p0 (=1.0.1), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.97.0) +109 more potentially affected by CVE-2026-27830 via com.mchange:c3p0 (>=0.10.0-pre2 <=0.11.2)

com.mchange:c3p0 MAVEN version =0.10.0-pre2, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =4.1.2, =3.4.5, =5.0.4, =6.0.3 and more Source cves: CVE-2026-27830 Source advisory: SNYK:JAVA-COMMCHANGE-15353395...

8.9CVSS7.4AI score0.00534EPSS
Exploits0
OSV
OSV
added 2026/02/26 1:16 a.m.5 views

UBUNTU-CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS7.5AI score0.00534EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/02/26 12:45 a.m.5 views

CVE-2026-27830 c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS7.4AI score0.00534EPSS
Exploits0References5
CVE
CVE
added 2026/02/26 12:45 a.m.124 views

CVE-2026-27830

CVE-2026-27830 affects the c3p0 JDBC connection pool. Before 0.12.0, the property userOverridesAsString was stored as a hex-encoded serialized object, enabling an attacker to reset it and trigger deserialization that could load code from a remote factoryClassLocation via embedded JNDI references....

8.9CVSS6.1AI score0.00534EPSS
Exploits0References14
OSV
OSV
added 2026/02/26 12:45 a.m.5 views

CVE-2026-27830 c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS6.2AI score0.00534EPSS
Exploits0References16
UbuntuCve
UbuntuCve
added 2026/02/26 12:0 a.m.6 views

CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS6.2AI score0.00534EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/25 6:35 p.m.10 views

c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

Impact c3p0 is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to v0.12.0, that property was...

8.9CVSS6.1AI score0.00534EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.8 views

PT-2026-22063

Name of the Vulnerable Software and Affected Versions c3p0 versions prior to 0.12.0 Description c3p0, a JDBC Connection pooling library, is susceptible to attack through maliciously crafted Java-serialized objects and javax.naming.Reference instances. Specifically, the userOverridesAsString...

9.8CVSS6.3AI score0.00812EPSS
Exploits1References23
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-0409

Malware in sbrugna...

7.5CVSS7AI score0.04882EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2025/06/18 12:0 a.m.8 views

Ubuntu 14.04 LTS : c3p0 vulnerability (USN-7571-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7571-1 advisory. Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the applications XML configuration file could...

7.5CVSS6.9AI score0.04882EPSS
Exploits1References2
OSV
OSV
added 2025/06/16 1:40 p.m.3 views

USN-7571-1 c3p0 vulnerability

Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the application’s XML configuration file could possibly use this issue to cause a denial of service...

7.5CVSS6.7AI score0.04882EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2025/06/16 1:40 p.m.6 views

USN-7571-1: c3p0 vulnerability

Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the application’s XML configuration file could possibly use this issue to cause a denial of service...

7.5CVSS7AI score0.04882EPSS
Exploits1
Rows per page
Query Builder