9 matches found
CVE-2026-52957
A flaw was found in the Linux kernel's libceph component. When processing a CEPHMSGOSDMAP message containing a specially crafted CRUSH map, a remote attacker could potentially trigger a null pointer dereference. This issue arises during the decoding of crushchooseargmap if a bucketindex refers to...
CVE-2026-52955
A flaw was found in the libceph component of the Linux kernel. A remote attacker could send a specially crafted CEPHMSGOSDMAP message where two internal fields, alg and b-alg, contain differing bucket algorithm values. This discrepancy can lead to an out-of-bounds memory access during processing ...
CVE-2026-52955
The CVE-2026-52955 vulnerability affects the Linux kernel’s libceph crush_decode(). A CEPH_MSG_OSD_MAP containing a crush map with at least one bucket could have two bucket algorithm fields (alg and b->alg) that differ, leading to potential out-of-bounds access during allocation or destruction...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JmsBinding.extractBodyFromJms function in camel-jms and it's equivalents in camel-sjms that does not apply any ObjectInputFilter. An attacker can execute arbitrary code by sending a crafted JMS...
EUVD-2026-21412
Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...
Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
Apache Log4j's JsonTemplateLayout, in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to ind...
CVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...
CVE-2025-38341 eth: fbnic: avoid double free when failing to DMA-map FW msg
In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: avoid double free when failing to DMA-map FW msg The semantics are that caller of fbnicmbxmapmsg retains the ownership of the message on error. All existing callers dutifully free the page...
SUSE CVE-2020-9430
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msgdlmap.c by validating a length field...