VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221754 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-52998 microsoft_vex netfilter: nfnetlink_osf: fix potential NULL dereference in ttl check fixed: 1 known affected: 1 2026-07-09T14:40:04+00:00 Vulnerability · Source
CVE-2026-53023 microsoft_vex fs/ntfs3: terminate the cached volume label after UTF-8 conversion fixed: 1 known affected: 1 2026-07-09T14:39:55+00:00 Vulnerability · Source
CVE-2026-53223 microsoft_vex net: guard timestamp cmsgs to real error queue skbs fixed: 1 known affected: 1 2026-07-09T14:39:54+00:00 Vulnerability · Source
CVE-2026-53075 microsoft_vex ppp: require CAP_NET_ADMIN in target netns for unattached ioctls fixed: 1 known affected: 1 2026-07-09T14:39:47+00:00 Vulnerability · Source
CVE-2026-12413 microsoft_vex IKEv2 Denial of Service via malformed fragmentation fixed: 1 known affected: 1 2026-07-09T14:39:45+00:00 Vulnerability · Source
CVE-2026-53011 microsoft_vex net/sched: taprio: fix use-after-free in advance_sched() on schedule switch fixed: 1 known affected: 1 2026-07-09T14:39:39+00:00 Vulnerability · Source
CVE-2026-50722 microsoft_vex IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload fixed: 1 known affected: 1 2026-07-09T14:39:37+00:00 Vulnerability · Source
CVE-2026-53077 microsoft_vex net/rds: Restrict use of RDS/IB to the initial network namespace fixed: 1 known affected: 1 2026-07-09T14:39:30+00:00 Vulnerability · Source
CVE-2026-50721 microsoft_vex IKEv1 Denial of Service via RSA-SHA1 (PKCS#1 Version 1.5 Encrypted) authentication payload fixed: 1 known affected: 1 2026-07-09T14:39:28+00:00 Vulnerability · Source
CVE-2026-52936 microsoft_vex crypto: jitterentropy - replace long-held spinlock with mutex fixed: 1 known affected: 1 2026-07-09T14:39:21+00:00 Vulnerability · Source
CVE-2026-12912 microsoft_vex Libtiff: libtiff: heap-based buffer overflow via crafted pixarlog-compressed tiff image fixed: 1 known affected: 1 2026-07-09T14:39:20+00:00 Vulnerability · Source
CVE-2026-53003 microsoft_vex pppoe: drop PFC frames fixed: 1 known affected: 1 2026-07-09T14:39:13+00:00 Vulnerability · Source
CVE-2026-14164 microsoft_vex Libarchive: double-free vulnerability in rar5 decompression logic via dangling filtered_buf pointer in init_unpack() fixed: 1 known affected: 1 2026-07-09T14:39:11+00:00 Vulnerability · Source
CVE-2026-53082 microsoft_vex net: hamradio: 6pack: fix uninit-value in sixpack_receive_buf fixed: 1 known affected: 1 2026-07-09T14:39:05+00:00 Vulnerability · Source
CVE-2026-52920 microsoft_vex netfilter: xt_policy: fix strict mode inbound policy matching fixed: 1 known affected: 1 2026-07-09T14:38:56+00:00 Vulnerability · Source
CVE-2026-53357 microsoft_vex Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del() fixed: 1 known affected: 1 2026-07-09T14:38:55+00:00 Vulnerability · Source
CVE-2026-53086 microsoft_vex net: bcmgenet: fix racing timeout handler fixed: 1 known affected: 1 2026-07-09T14:38:48+00:00 Vulnerability · Source
CVE-2026-37555 microsoft_vex An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) cast, but the WAV code path (line 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before being assigned to sf.frames (sf_count_t/int64). With samplesperblock=50000 and blocks=50000, the product 2500000000 overflows to -1794967296. This causes incorrect frame count leading to heap buffer overflow or denial of service. Both values come from the WAV file header and are attacker-controlled. This issue was discovered after an incomplete fix for CVE-2022-33065. fixed: 1 known affected: 2 2026-07-09T14:38:36+00:00 Vulnerability · Source
CVE-2026-42765 redhat_vex openssl: NULL Dereference in Certificate Verification with OCSP Checking known not affected: 1 2026-07-09T14:31:15+00:00 Vulnerability · Source
CVE-2026-43303 redhat_vex kernel: mm/page_alloc: clear page->private in free_pages_prepare() fixed: 1658 known affected: 36 known not affected: 76 2026-07-09T13:55:08+00:00 Vulnerability · Source
CVE-2026-30892 redhat_vex crun: crun: Privilege escalation due to incorrect parsing of the `--user` option fixed: 71 known affected: 1 known not affected: 2 2026-07-09T13:53:06+00:00 Vulnerability · Source
CVE-2026-32289 redhat_vex html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals fixed: 29 known affected: 354 2026-07-09T13:42:21+00:00 Vulnerability · Source
CVE-2026-44332 redhat_vex github.com/gofiber/fiber: GoFiber: Remote Username Enumeration via BasicAuth Middleware Short-Circuit Evaluation known not affected: 1 2026-07-09T13:35:03+00:00 Vulnerability · Source
CVE-2026-59927 redhat_vex mistune: Mistune: Denial of Service via unbounded recursion in Markdown include directive known affected: 1 under investigation: 24 2026-07-09T13:30:36+00:00 Vulnerability · Source
CVE-2026-31488 redhat_vex kernel: drm/amd/display: Do not skip unrelated mode changes in DSC validation fixed: 453 known affected: 98 known not affected: 42 2026-07-09T13:30:33+00:00 Vulnerability · Source
CVE-2026-46150 redhat_vex kernel: fanotify: fix false positive on permission events known affected: 274 2026-07-09T13:14:03+00:00 Vulnerability · Source
CVE-2026-41606 redhat_vex Apache Thrift: Apache Thrift: Denial of Service via uncontrolled recursion fixed: 36 known affected: 13 known not affected: 439 2026-07-09T13:07:23+00:00 Vulnerability · Source
CVE-2026-41603 redhat_vex Apache Thrift: apache.com/apache/thrift: Apache Thrift: Security Bypass via Improper Certificate Hostname Validation fixed: 36 known affected: 14 known not affected: 438 2026-07-09T13:07:08+00:00 Vulnerability · Source
CVE-2025-3110 redhat_vex OpenVPN Access Server: OpenVPN Access Server: HTTP request smuggling via bare line-feed sequences in HTTP headers known not affected: 1 2026-07-09T12:55:22+00:00 Vulnerability · Source
CVE-2026-54591 redhat_vex asyncssh: AsyncSSH: Arbitrary file write via path traversal in SCP client known not affected: 1 2026-07-09T12:45:11+00:00 Vulnerability · Source
CVE-2026-59892 redhat_vex @opentelemetry/propagator-jaeger: OpenTelemetry JavaScript: Denial of Service via malformed HTTP header decoding known affected: 11 2026-07-09T12:05:07+00:00 Vulnerability · Source
CVE-2026-59928 redhat_vex mistune: Mistune: Denial of Service via crafted Markdown document with reference-link definitions known affected: 25 2026-07-09T11:55:15+00:00 Vulnerability · Source
CVE-2026-54267 redhat_vex @angular/core: Angular Client Hydration DOM Clobbering & Response-Cache Poisoning known not affected: 81 2026-07-09T11:11:08+00:00 Vulnerability · Source
CVE-2026-59691 redhat_vex gstreamer: gstreamer: rfbsrc/librfb Hextile heap out-of-bounds write with 16bpp framebuffer known affected: 24 2026-07-09T11:06:10+00:00 Vulnerability · Source
CVE-2026-59692 redhat_vex gstreamer: gstreamer: DTLS certificate Subject DN stack buffer overflow in openssl_verify_callback known affected: 24 2026-07-09T11:05:32+00:00 Vulnerability · Source
CVE-2026-53262 redhat_vex kernel: l2tp: pppol2tp: hold reference to session in pppol2tp_ioctl() known affected: 274 2026-07-09T10:45:28+00:00 Vulnerability · Source
CVE-2026-13201 redhat_vex kubevirt: virt-handler-rhel9: kubevirt: safepath symlink following in virt-handler enables notify socket hijacking and node-level VM disruption known affected: 2 2026-07-09T10:20:24+00:00 Vulnerability · Source
CVE-2026-11827 redhat_vex gitlab-ee: GitLab EE: Information disclosure via improper authorization controls known affected: 4 2026-07-09T09:35:35+00:00 Vulnerability · Source
CVE-2026-54906 redhat_vex concurrent-ruby: rubygem-concurrent-ruby: concurrent-ruby: Synchronization flaw in ReadWriteLock allows unauthorized lock release and denial of service known not affected: 20 2026-07-09T09:22:36+00:00 Vulnerability · Source
CVE-2026-54753 redhat_vex Nx: Nx: `nx graph` dev server permissive CORS policy known affected: 7 2026-07-09T09:22:21+00:00 Vulnerability · Source
CVE-2026-45692 redhat_vex github.com/caddyserver/caddy/v2: Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization known not affected: 1 2026-07-09T09:22:01+00:00 Vulnerability · Source
CVE-2026-46056 redhat_vex kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers fixed: 762 known affected: 64 2026-07-09T09:21:00+00:00 Vulnerability · Source
CVE-2026-53705 redhat_vex gstreamer1-plugins-good: GStreamer: Heap buffer overflow in WavPack decoder via integer overflow fixed: 82 known affected: 2 2026-07-09T08:54:08+00:00 Vulnerability · Source
CVE-2026-50021 redhat_vex pnpm: pnpm: Integrity bypass allows installation of altered packages via modified lockfile known affected: 1 known not affected: 3 2026-07-09T08:44:40+00:00 Vulnerability · Source
CVE-2026-50016 redhat_vex pnpm: pnpm: Arbitrary code execution due to path traversal in dependency aliases known affected: 1 known not affected: 3 2026-07-09T08:40:10+00:00 Vulnerability · Source
CVE-2026-55698 redhat_vex pnpm: pnpm: Arbitrary code execution via malicious package-manager lockfile known affected: 1 known not affected: 3 2026-07-09T08:39:53+00:00 Vulnerability · Source
CVE-2026-55697 redhat_vex pnpm: pnpm: Arbitrary code execution via improper handling of config dependencies known affected: 1 known not affected: 3 2026-07-09T08:35:54+00:00 Vulnerability · Source
CVE-2026-43866 redhat_vex camel-jms: Apache Camel JMS components: Arbitrary Exchange state injection known affected: 1 known not affected: 1 2026-07-09T08:21:11+00:00 Vulnerability · Source
CVE-2026-48995 redhat_vex pnpm: pnpm: Supply chain compromise from unverified dependencies known affected: 1 known not affected: 3 2026-07-09T08:20:01+00:00 Vulnerability · Source
CVE-2026-55700 redhat_vex pnpm: pnpm: Unauthorized file modification via crafted package manifest known affected: 1 known not affected: 3 2026-07-09T08:10:40+00:00 Vulnerability · Source