33 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-49844
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issu...
EUVD-2026-43102
Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version 2.26.0. The fix for CVE-2026-34481 did not cover all code paths: wh...
CVE-2026-49844
Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version 2.26.0. The fix for CVE-2026-34481 did not cover all code paths: wh...
CVE-2026-49844 Apache Log4j API: Improper serialization of non-finite floating-point values in MapMessage.asJson()
Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version 2.26.0. The fix for CVE-2026-34481 did not cover all code paths: wh...
CVE-2026-49844
CVE-2026-49844 describes an issue in the Apache Log4j API where MapMessage.asJson() can emit non-finite IEEE 754 values (NaN, Infinity, -Infinity) as bare tokens during JSON serialization. This affects Log4j API versions 2.13.1–2.25.4 and 2.26.0. The fault occurs when a MapMessage contains an att...
PT-2026-57319
Name of the Vulnerable Software and Affected Versions Apache Log4j API versions 2.13.1 through 2.25.4 Apache Log4j API version 2.26.0 Description Improper encoding of non-finite IEEE 754 floating-point values NaN, Infinity, or -Infinity during MapMessage JSON serialization produces output that is...
Improper Validation of Specified Type of Input
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to improper validation of the temperature parameter while sampling. An attacker can cause the...
SUSE SLED15 / SLES15 Security Update : log4j (SUSE-SU-2026:1843-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1843-1 advisory. - CVE-2026-34477: TLS connections vulnerable to interception due to incomplete hostname verification...
Security update for log4j
This update for log4j fixes the following issues: CVE-2026-34477: TLS connections vulnerable to interception due to incomplete hostname verification configuration checks bsc1262050. CVE-2026-34479: silent log event loss due to improper XML escaping in Log4j1XmlLayout bsc1262091. CVE-2026-34480:...
SUSE-SU-2026:1843-1 Security update for log4j
This update for log4j fixes the following issues: - CVE-2026-34477: TLS connections vulnerable to interception due to incomplete hostname verification configuration checks bsc1262050. - CVE-2026-34479: silent log event loss due to improper XML escaping in Log4j1XmlLayout bsc1262091. -...
Improper Validation of Specified Quantity in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the emission of non-finite color values in the content stream. An attacker can cause PDF viewers to reject the content stream, affected page, or entire document by supplying special...
oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS)
Impact oxidize-pdf defines Color as a pub enum with public tuple-struct variants Rgbf64, f64, f64, Grayf64, and Cmykf64, f64, f64, f64. The constructors Color::rgb, Color::gray, and Color::cmyk clamp incoming components to 0.0, 1.0, but because the variants are pub, callers can construct values...
Improper Validation of Specified Quantity in Input
Overview oxidize-pdf is a Python bindings for oxidize-pdf — generate, parse, split, merge, and manipulate PDF files Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the emission of non-finite color values in the content stream. An attacker...
SUSE CVE-2026-34481
Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...
Linux Distros Unpatched Vulnerability : CVE-2026-34481
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces inval...
Improper Output Handling
Apache Log4j is vulnerable to Improper Output Handling. The vulnerability is due to JsonTemplateLayout generating invalid JSON when processing non-finite floating-point values e.g., NaN, Infinity, which are not compliant with RFC 8259, allowing attacker-controlled data in log events to produce...
EUVD-2026-21412
Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...
GHSA-W35J-PV5H-Q9Q9 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
Apache Log4j's JsonTemplateLayout, in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to ind...
Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
Apache Log4j's JsonTemplateLayout, in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to ind...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output when JsonTemplateLayout logs a MapMessage. An attacker can cause downstream log processing systems to reject or fail to index affected records by supplying non-finite floating-point values such as...