Security Bulletin: Due to the use of c3p0, IBM webMethods BPM is vulnerable to attack via maliciously crafted Java-serialized objects (CVE-2026-27830)

Summary IBM webMethods BPM includes the standalone utility which includes the vulnerable component c3p0. The tool operates as a standalone utility and is not part of the main runtime environments. Vulnerability Details CVEID:CVE-2026-27830 DESCRIPTION: c3p0, a JDBC Connection pooling library, is...

CVE-2026-43498

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom primehandletofd callback that checks if the object is imported and returns -EOPNOTSUPP if so. Re-exporting...

EUVD-2026-31272

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom primehandletofd callback that checks if the object is imported and returns -EOPNOTSUPP if so. Re-exporting...

Linux Distros Unpatched Vulnerability : CVE-2021-47952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSO...

F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000160981)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160981 advisory. A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of a check to re-export GEM objects in accel/ivpu. This could lead to the loss of buffer...

F5 Networks BIG-IP : BIG-IP privilege escalation vulnerability (K000160975)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160975 advisory. A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at lea...

F5 Networks BIG-IP : BIG-IP iControl SOAP vulnerability (K000160926)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000160926 advisory. An authenticated attacker with the Resource Administrator or Administrator role can create SNMP...

CVE-2026-6366

A flaw was found in Drupal core. This vulnerability, categorized as an Improperly Controlled Modification of Dynamically-Determined Object Attributes, allows for object injection. An attacker could exploit this to potentially manipulate application logic or achieve other impacts depending on the...

Deserialization of Untrusted Data

Overview net.sf.jasperreports:jasperreports is an open source reporting engine for Java. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ObjectInputStream subclasses. An attacker can achieve remote code execution on the JVM host by sending a specially...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fixed handling of partial GPU mapping of BOs. This commit fixes the bug in the handling of partial mapping of buffer objects to the GPU, which caused kernel warnings. Panthor did not correctly handle cases where the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Do not allow eviction of BOs within the same VM in an array of VM binds. An array of VM binds may potentially evict other buffer objects BOs within the same VM under certain conditions, which could lead to NULL pointer...

Astra Linux - уязвимость в firefox

An attacker was able to perform out-of-bounds read or write operations on a JavaScript object by exploiting a bug related to range-based bounds checks. This vulnerability affects Firefox versions prior to 124.0.1...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: A memory leak occurs during the stateful object update process. Stateful objects can be updated from the control plane. The transaction logic allocates a temporary object for this purpose. The -init function ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/i915/ttm: fixed handling of CCS Crucible + recent Mesa sometimes causes the following issue: GEMBUGONnumccsblks NUMCCSBLKSPERXFER It seems that this issue can also be triggered with gemlmemswapping, if we modify the tests ...

Astra Linux - уязвимость в git

Git is an open-source, scalable, distributed version control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are vulnerable to exposure of sensitive information by malicious actors. When performing a local clone where the source and target of the clone...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fixed the memory leak of PBLE objects. In the case of rmmod for irdma, the memory of PBLE objects is not freed. PBLE objects’ memory is not statically allocated at the time of function initialization—unlike other HMC...

Astra Linux - уязвимость в bouncycastle

Bouncy Castle for Java before version 1.73 contains a potential Denial of Service DoS issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM-encoded streams containing X.509 certificates, PKCS8-encoded keys, and PKCS7 objects. Parsing a file that...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fixed a memory leak when CONFIGDEBUGOBJECTS=y is enabled. After a pcidoetask completes, its workstruct needs to be destroyed to avoid a memory leak when CONFIGDEBUGOBJECTS=y is set...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup of partially initialized sync objects occurs during parse failures. The function xesyncentryparse can allocate references such as syncobjs, fences, chain fences, or user fences before encountering subsequent...