6088 matches found
SUSE-SU-2026:0674-1 Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise kernel 6.4.0-150700.5 fixes one security issue The following security issue was fixed: - CVE-2025-38129: pagepool: fix use-after-free in pagepoolrecycleinring bsc1258139...
SUSE CVE-2026-27830
c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...
Oracle Linux 9 : kernel (ELSA-2026-3066)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3066 advisory. - pagepool: Fix use-after-free in pagepoolrecycleinring Paolo Abeni RHEL-137841 CVE-2025-38129 Tenable has extracted the preceding description block...
Deserialization of Untrusted Data
Overview com.mchange:c3p0 is a mature, highly concurrent JDBC Connection pooling library, with support for caching and reuse of PreparedStatements. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the userOverridesAsString property of...
CVE-2026-27830 c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property
c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...
Oracle Linux 8 : kernel (ELSA-2026-3083)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3083 advisory. - autofs: fix memory leak of waitqueues in autofscatatonicmode Ian Kent RHEL-143685 CVE-2023-54134 - bridge: mcast: Fix use-after-free during router po...
c3p0 代码问题漏洞
c3p0 is an open-source JDBC connection pool library developed by Steve Waldman. Versions of c3p0 prior to 0.12.0 had code vulnerabilities, which stemmed from improper deserialization and could lead to the execution of arbitrary code...
GHSA-5476-XC4J-RQCV c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property
Impact c3p0 is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to v0.12.0, that property was...
PT-2026-22063
Name of the Vulnerable Software and Affected Versions c3p0 versions prior to 0.12.0 Description c3p0, a JDBC Connection pooling library, is susceptible to attack through maliciously crafted Java-serialized objects and javax.naming.Reference instances. Specifically, the userOverridesAsString...
kernel security update
5.14.0-611.35.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...
Important: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution
A flaw was found in the Linux kernel. This vulnerability, known as a use-after-free UAF, occurs in the pagepoolrecycleinring function. A local attacker could exploit this by manipulating the system's memory management, causing a freed memory region to be improperly accessed. This can lead to syst...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution
A flaw was found in the Linux kernel. This vulnerability, known as a use-after-free UAF, occurs in the pagepoolrecycleinring function. A local attacker could exploit this by manipulating the system's memory management, causing a freed memory region to be improperly accessed. This can lead to syst...
kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution
A flaw was found in the Linux kernel. This vulnerability, known as a use-after-free UAF, occurs in the pagepoolrecycleinring function. A local attacker could exploit this by manipulating the system's memory management, causing a freed memory region to be improperly accessed. This can lead to syst...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: pagepool: Fix use-after-free in pagepoolrecycleinring CVE-2025-38129 kernel: Linux kernel:A use-after-free in bridge multicast in...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: pagepool: Fix use-after-free in pagepoolrecycleinring CVE-2025-38129 kernel: Linux kernel:A use-after-free in bridge multicast in brmulticastportctxinit CVE-2025-38248 kernel: smc: Fix...
ALSA-2026:3110 Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: pagepool: Fix use-after-free in pagepoolrecycleinring CVE-2025-38129 kernel: Linux kernel:A use-after-free in bridge multicast in...
ALSA-2026:3083 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: pagepool: Fix use-after-free in pagepoolrecycleinring CVE-2025-38129 kernel: Linux kernel:A use-after-free in bridge multicast in brmulticastportctxinit CVE-2025-38248 kernel: smc: Fix...