11 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-49844
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issu...
CVE-2026-49844 Apache Log4j API: Improper serialization of non-finite floating-point values in MapMessage.asJson()
Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version 2.26.0. The fix for CVE-2026-34481 did not cover all code paths: wh...
CVE-2026-52957
A flaw was found in the Linux kernel's libceph component. When processing a CEPHMSGOSDMAP message containing a specially crafted CRUSH map, a remote attacker could potentially trigger a null pointer dereference. This issue arises during the decoding of crushchooseargmap if a bucketindex refers to...
CVE-2026-52955
A flaw was found in the libceph component of the Linux kernel. A remote attacker could send a specially crafted CEPHMSGOSDMAP message where two internal fields, alg and b-alg, contain differing bucket algorithm values. This discrepancy can lead to an out-of-bounds memory access during processing ...
CVE-2026-52955
The CVE-2026-52955 vulnerability affects the Linux kernel’s libceph crush_decode(). A CEPH_MSG_OSD_MAP containing a crush map with at least one bucket could have two bucket algorithm fields (alg and b->alg) that differ, leading to potential out-of-bounds access during allocation or destruction...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JmsBinding.extractBodyFromJms function in camel-jms and it's equivalents in camel-sjms that does not apply any ObjectInputFilter. An attacker can execute arbitrary code by sending a crafted JMS...
EUVD-2026-21412
Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...
Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
Apache Log4j's JsonTemplateLayout, in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to ind...
CVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...
CVE-2025-38341 eth: fbnic: avoid double free when failing to DMA-map FW msg
In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: avoid double free when failing to DMA-map FW msg The semantics are that caller of fbnicmbxmapmsg retains the ownership of the message on error. All existing callers dutifully free the page...
SUSE CVE-2020-9430
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msgdlmap.c by validating a length field...