VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221754 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-42006 | redhat_vex | dovecot: Dovecot: Denial of Service via excessive IMAP bracing | known affected: 30 | 2026-07-09T18:46:22+00:00 | Vulnerability · Source |
| CVE-2026-56374 | redhat_vex | ImageMagick: ImageMagick: Denial of Service and Information Disclosure via heap buffer overflow in FTXT encoder | known affected: 14 | 2026-07-09T18:02:07+00:00 | Vulnerability · Source |
| CVE-2026-53422 | redhat_vex | erlang: ssh: Erlang OTP ssh: Information disclosure via SFTP REALPATH handler | fixed: 3 known affected: 42 | 2026-07-09T18:01:53+00:00 | Vulnerability · Source |
| CVE-2026-59998 | redhat_vex | openssh: OpenSSH: Undocumented GSSAPIStrictAcceptorCheck behavior impacts security in Windows Active Directory | fixed: 3 known affected: 41 | 2026-07-09T18:01:51+00:00 | Vulnerability · Source |
| CVE-2026-59995 | redhat_vex | openssh: OpenSSH: sftp client allows attacker to control downloaded file location | fixed: 3 known affected: 41 | 2026-07-09T18:01:51+00:00 | Vulnerability · Source |
| CVE-2026-60000 | redhat_vex | openssh: OpenSSH: Denial of Service via excessive GSSAPI authentication attempts | fixed: 3 known affected: 41 | 2026-07-09T17:43:28+00:00 | Vulnerability · Source |
| CVE-2026-59999 | redhat_vex | openssh: OpenSSH sshd: Security bypass due to incorrect handling of forwarding and tunneling options | fixed: 3 known affected: 41 | 2026-07-09T17:43:26+00:00 | Vulnerability · Source |
| CVE-2026-59997 | redhat_vex | openssh: OpenSSH: SFTP security bypass due to command-line argument parsing flaw | fixed: 3 known affected: 41 | 2026-07-09T17:43:22+00:00 | Vulnerability · Source |
| CVE-2026-60002 | redhat_vex | openssh: OpenSSH: Use-after-free vulnerability during host key re-exchange on the client side | fixed: 3 known affected: 41 | 2026-07-09T17:43:12+00:00 | Vulnerability · Source |
| CVE-2026-54499 | redhat_vex | stanza: Stanza: Remote Code Execution via unsafe deserialization in model loaders | known affected: 6 known not affected: 1 | 2026-07-09T17:43:05+00:00 | Vulnerability · Source |
| CVE-2026-46300 | redhat_vex | kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel | fixed: 2874 known not affected: 42 | 2026-07-09T17:38:55+00:00 | Vulnerability · Source |
| CVE-2026-43284 | redhat_vex | kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel | fixed: 3875 known not affected: 42 | 2026-07-09T17:38:49+00:00 | Vulnerability · Source |
| CVE-2026-43037 | redhat_vex | kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() | fixed: 2439 known affected: 33 known not affected: 1 | 2026-07-09T17:38:47+00:00 | Vulnerability · Source |
| CVE-2026-41035 | redhat_vex | rsync: Rsync: Use-after-free vulnerability in extended attribute handling | fixed: 125 known not affected: 69 | 2026-07-09T17:38:45+00:00 | Vulnerability · Source |
| CVE-2026-40164 | redhat_vex | jq: jq: Denial of Service via crafted JSON object causing hash collisions | fixed: 362 | 2026-07-09T17:38:41+00:00 | Vulnerability · Source |
| CVE-2026-39979 | redhat_vex | jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers | fixed: 362 known affected: 2 known not affected: 2 | 2026-07-09T17:38:37+00:00 | Vulnerability · Source |
| CVE-2026-35385 | redhat_vex | OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode | fixed: 1012 known affected: 2 known not affected: 220 under investigation: 1 | 2026-07-09T17:38:36+00:00 | Vulnerability · Source |
| CVE-2026-35535 | redhat_vex | sudo: Sudo: Privilege escalation due to failure in privilege drop calls | fixed: 409 known not affected: 2 | 2026-07-09T17:38:33+00:00 | Vulnerability · Source |
| CVE-2026-41316 | redhat_vex | erb: ERB: Arbitrary code execution via deserialization bypass | fixed: 1349 known affected: 1 known not affected: 30 | 2026-07-09T17:38:08+00:00 | Vulnerability · Source |
| CVE-2026-27851 | redhat_vex | dovecot: Dovecot: SQL/LDAP injection via incorrect safe filter interpretation with variable expansion | known affected: 6 known not affected: 18 | 2026-07-09T16:30:27+00:00 | Vulnerability · Source |
| CVE-2026-35188 | redhat_vex | openssl: Double-free When Checking OCSP Stapled Response | known not affected: 61 | 2026-07-09T16:20:09+00:00 | Vulnerability · Source |
| CVE-2026-60001 | redhat_vex | openssh: OpenSSH: Brute-force attacks facilitated due to insufficient authentication delay | fixed: 3 known affected: 41 | 2026-07-09T15:32:27+00:00 | Vulnerability · Source |
| CVE-2026-34481 | redhat_vex | org.apache.logging.log4j: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output | fixed: 4 known affected: 9 known not affected: 3 | 2026-07-09T15:32:05+00:00 | Vulnerability · Source |
| CVE-2026-50633 | redhat_vex | apache-cxf: org.apache.cxf/cxf-integration-jca: Apache CXF: Arbitrary code execution via JNDI Injection | fixed: 1 known affected: 1 known not affected: 1 | 2026-07-09T15:31:11+00:00 | Vulnerability · Source |
| CVE-2026-50632 | redhat_vex | cxf: org.apache.cxf/cxf-rt-transports-jms: Apache CXF: Arbitrary code execution via untrusted JMS configuration | fixed: 1 known affected: 4 known not affected: 1 | 2026-07-09T15:31:06+00:00 | Vulnerability · Source |
| CVE-2026-50628 | redhat_vex | cxf: org.apache.cxf/cxf-rt-rs-security-oauth2: cxf: Unauthorized access due to logic error in OAuthRequestFilter | fixed: 1 known affected: 4 known not affected: 2 | 2026-07-09T15:31:02+00:00 | Vulnerability · Source |
| CVE-2026-50627 | redhat_vex | apache-cxf: org.apache.cxf/cxf-rt-rs-security-oauth2: Apache CXF: Token Confusion/Routing attacks due to improper validation of JWT audience claims | fixed: 1 known affected: 4 known not affected: 2 | 2026-07-09T15:31:01+00:00 | Vulnerability · Source |
| CVE-2026-50011 | redhat_vex | netty-codec-redis: Netty: Denial of Service via malicious Redis array header | fixed: 1 known affected: 4 known not affected: 1 | 2026-07-09T15:30:56+00:00 | Vulnerability · Source |
| CVE-2026-50010 | redhat_vex | netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass | fixed: 7 known affected: 35 known not affected: 17 | 2026-07-09T15:30:52+00:00 | Vulnerability · Source |
| CVE-2026-49875 | redhat_vex | cxf: org.apache.cxf/cxf-core: Apache CXF: Information disclosure via out-of-band external entity resolution due to missing JAXP hardening | fixed: 2 known affected: 7 | 2026-07-09T15:30:51+00:00 | Vulnerability · Source |
| CVE-2026-48059 | redhat_vex | netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers | fixed: 9 known affected: 27 known not affected: 66 | 2026-07-09T15:30:47+00:00 | Vulnerability · Source |
| CVE-2026-48043 | redhat_vex | netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak | fixed: 21 known affected: 33 known not affected: 56 | 2026-07-09T15:30:43+00:00 | Vulnerability · Source |
| CVE-2026-48006 | redhat_vex | netty-codec-redis: Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator | fixed: 1 known affected: 4 known not affected: 1 | 2026-07-09T15:30:42+00:00 | Vulnerability · Source |
| CVE-2026-47691 | redhat_vex | io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records | fixed: 5 known affected: 31 known not affected: 11 | 2026-07-09T15:30:37+00:00 | Vulnerability · Source |
| CVE-2026-46340 | redhat_vex | netty-transport-sctp: Netty-transport-sctp: Denial of Service due to unbounded memory growth from SctpMessage fragments | fixed: 1 known affected: 4 known not affected: 2 | 2026-07-09T15:30:35+00:00 | Vulnerability · Source |
| CVE-2026-45674 | redhat_vex | netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation | fixed: 5 known affected: 31 known not affected: 11 | 2026-07-09T15:30:32+00:00 | Vulnerability · Source |
| CVE-2026-45416 | redhat_vex | netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake | fixed: 7 known affected: 35 known not affected: 17 | 2026-07-09T15:30:31+00:00 | Vulnerability · Source |
| CVE-2026-44930 | redhat_vex | apache-cxf: org.apache.cxf.services.xkms/cxf-services-xkms-x509-repo-ldap: Apache CXF: Information Disclosure via LDAP Injection | fixed: 1 known affected: 2 | 2026-07-09T15:30:27+00:00 | Vulnerability · Source |
| CVE-2026-44893 | redhat_vex | netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message | fixed: 9 known affected: 25 known not affected: 67 | 2026-07-09T15:30:26+00:00 | Vulnerability · Source |
| CVE-2026-44890 | redhat_vex | netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payloads | fixed: 1 known affected: 4 known not affected: 1 | 2026-07-09T15:30:23+00:00 | Vulnerability · Source |
| CVE-2026-44249 | redhat_vex | netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation | fixed: 19 known affected: 33 known not affected: 68 | 2026-07-09T15:30:21+00:00 | Vulnerability · Source |
| CVE-2026-44417 | redhat_vex | org.apache.cxf/cxf-rt-transports-jms: Apache CXF: Remote Code Execution via untrusted JMS configuration | fixed: 1 known affected: 4 known not affected: 1 | 2026-07-09T15:30:21+00:00 | Vulnerability · Source |
| CVE-2026-44250 | redhat_vex | netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payload with deeply nested arrays | fixed: 1 known affected: 4 known not affected: 1 | 2026-07-09T15:30:18+00:00 | Vulnerability · Source |
| CVE-2026-44248 | redhat_vex | netty: io.netty/netty-codec-mqtt: Netty: Denial of Service due to excessive resource consumption from crafted MQTT 5 header | fixed: 1 known affected: 4 known not affected: 3 | 2026-07-09T15:30:13+00:00 | Vulnerability · Source |
| CVE-2026-42584 | redhat_vex | netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion | fixed: 25 known affected: 34 known not affected: 140 | 2026-07-09T15:30:07+00:00 | Vulnerability · Source |
| CVE-2026-42581 | redhat_vex | netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers | fixed: 25 known not affected: 125 under investigation: 49 | 2026-07-09T15:30:04+00:00 | Vulnerability · Source |
| CVE-2026-42579 | redhat_vex | netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement | fixed: 25 known not affected: 125 under investigation: 38 | 2026-07-09T15:29:58+00:00 | Vulnerability · Source |
| CVE-2026-42578 | redhat_vex | netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation | fixed: 25 known affected: 33 known not affected: 141 | 2026-07-09T15:29:53+00:00 | Vulnerability · Source |
| CVE-2024-5535 | redhat_vex | openssl: SSL_select_next_proto buffer overread | fixed: 390 known affected: 50 known not affected: 182 | 2026-07-09T15:29:23+00:00 | Vulnerability · Source |
| CVE-2026-6352 | redhat_vex | gitlab: GitLab EE: Auditor-level users can modify compliance records via improper authorization in GraphQL | known not affected: 4 | 2026-07-09T15:29:22+00:00 | Vulnerability · Source |