6088 matches found

OSV
added 2026/02/27 7:4 a.m. | 1 views

SUSE-SU-2026:0674-1 Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.5 fixes one security issue. The following security issue was fixed: - CVE-2025-38129: page_pool: fix use-after-free in page_pool_recycle_in_ring (bsc#1258139)...

CVSS 7.8 | AI score 7.1 | EPSS 0.00161
Exploits: 0 | References: 3
SUSE CVE
added 2026/02/27 12:24 a.m. | 3 views

SUSE CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

CVSS 8 | AI score 6 | EPSS 0.00534
Exploits: 0 | References: 5
Tenable Nessus
added 2026/02/27 12:0 a.m. | 7 views

Oracle Linux 9 : kernel (ELSA-2026-3066)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3066 advisory. - page_pool: Fix use-after-free in page_pool_recycle_in_ring (Paolo Abeni) [RHEL-137841] {CVE-2025-38129} Tenable has extracted the preceding description block...

CVSS 7.8 | AI score 7.3 | EPSS 0.00161
Exploits: 0 | References: 3
Snyk
added 2026/02/26 3:13 a.m. | 6 views

Deserialization of Untrusted Data

Overview: com.mchange:c3p0 is a mature, highly concurrent JDBC Connection pooling library, with support for caching and reuse of PreparedStatements. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the userOverridesAsString property of...

CVSS 8.9 | AI score 6.7 | EPSS 0.00534
Exploits: 0 | References: 2
Cvelist
added 2026/02/26 12:45 a.m. | 31 views

CVE-2026-27830 c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

CVSS 8.9 | EPSS 0.00534
Exploits: 0 | References: 5
Tenable Nessus
added 2026/02/26 12:0 a.m. | 23 views

Oracle Linux 8 : kernel (ELSA-2026-3083)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3083 advisory. - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (Ian Kent) [RHEL-143685] {CVE-2023-54134} - bridge: mcast: Fix use-after-free during router po...

CVSS 7.8 | AI score 6.7 | EPSS 0.00248
Exploits: 1 | References: 6
CNNVD
added 2026/02/26 12:0 a.m. | 8 views

c3p0 Code Issue Vulnerability

c3p0 is an open-source JDBC connection pool library developed by Steve Waldman. Versions of c3p0 prior to 0.12.0 had code vulnerabilities, which stemmed from improper deserialization and could lead to the execution of arbitrary code...

CVSS 8.9 | AI score 7.5 | EPSS 0.00534
Exploits: 0 | References: 6
OSV
added 2026/02/25 6:35 p.m. | 5 views

GHSA-5476-XC4J-RQCV c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

Impact: c3p0 is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to v0.12.0, that property was...

CVSS 8.9 | AI score 6.2 | EPSS 0.00534
Exploits: 0 | References: 7
Positive Technologies
added 2026/02/25 12:0 a.m. | 8 views

PT-2026-22063

Name of the Vulnerable Software and Affected Versions: c3p0 versions prior to 0.12.0. Description: c3p0, a JDBC Connection pooling library, is susceptible to attack through maliciously crafted Java-serialized objects and javax.naming.Reference instances. Specifically, the userOverridesAsString...

CVSS 9.8 | AI score 6.3 | EPSS 0.00812
Exploits: 1 | References: 23
Oracle Linux
added 2026/02/24 12:0 a.m. | 12 views

kernel security update

[5.14.0-611.35.1] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug:...

CVSS 7.8 | AI score 6.5 | EPSS 0.00161
Exploits: 0
RedHat Linux
added 2026/02/23 5:45 p.m. | 12 views

Important: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 7.8 | AI score 6.8 | EPSS 0.00248
Exploits: 1 | References: 6
RedHat Linux
added 2026/02/23 5:45 p.m. | 1 views

kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution

A flaw was found in the Linux kernel. This vulnerability, known as a use-after-free (UAF), occurs in the page_pool_recycle_in_ring function. A local attacker could exploit this by manipulating the system's memory management, causing a freed memory region to be improperly accessed. This can lead to syst...

CVSS 7.8 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 5
RedHat Linux
added 2026/02/23 1:25 p.m. | 6 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.8 | AI score 6.7 | EPSS 0.00248
Exploits: 1 | References: 6
RedHat Linux
added 2026/02/23 1:25 p.m. | 3 views

kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution

A flaw was found in the Linux kernel. This vulnerability, known as a use-after-free (UAF), occurs in the page_pool_recycle_in_ring function. A local attacker could exploit this by manipulating the system's memory management, causing a freed memory region to be improperly accessed. This can lead to syst...

CVSS 7.8 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 5
RedHat Linux
added 2026/02/23 10:50 a.m. | 3 views

kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution

A flaw was found in the Linux kernel. This vulnerability, known as a use-after-free (UAF), occurs in the page_pool_recycle_in_ring function. A local attacker could exploit this by manipulating the system's memory management, causing a freed memory region to be improperly accessed. This can lead to syst...

CVSS 7.8 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 5
RedHat Linux
added 2026/02/23 10:50 a.m. | 6 views

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.8 | AI score 6.6 | EPSS 0.00161
Exploits: 0 | References: 3
AlmaLinux
added 2026/02/23 12:0 a.m. | 5 views

Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: page_pool: Fix use-after-free in page_pool_recycle_in_ring (CVE-2025-38129); kernel: Linux kernel: A use-after-free in bridge multicast in...

CVSS 7.8 | AI score 5.6 | EPSS 0.00248
Exploits: 1 | References: 12
AlmaLinux
added 2026/02/23 12:0 a.m. | 6 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: page_pool: Fix use-after-free in page_pool_recycle_in_ring (CVE-2025-38129); kernel: Linux kernel: A use-after-free in bridge multicast in br_multicast_port_ctx_init (CVE-2025-38248); kernel: smc: Fix...

CVSS 7.8 | AI score 5.5 | EPSS 0.00248
Exploits: 1 | References: 12
OSV
added 2026/02/23 12:0 a.m. | 9 views

ALSA-2026:3110 Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: page_pool: Fix use-after-free in page_pool_recycle_in_ring (CVE-2025-38129); kernel: Linux kernel: A use-after-free in bridge multicast in...

CVSS 7.8 | AI score 5.5 | EPSS 0.00248
Exploits: 1 | References: 12
OSV
added 2026/02/23 12:0 a.m. | 7 views

ALSA-2026:3083 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: page_pool: Fix use-after-free in page_pool_recycle_in_ring (CVE-2025-38129); kernel: Linux kernel: A use-after-free in bridge multicast in br_multicast_port_ctx_init (CVE-2025-38248); kernel: smc: Fix...

CVSS 7.8 | AI score 6.6 | EPSS 0.00248
Exploits: 1 | References: 12