VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221692 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-44827 redhat_vex diffusers: Diffusers: Arbitrary Code Execution via malicious model loading known affected: 13 known not affected: 5 2026-07-09T19:15:10+00:00 Vulnerability · Source
CVE-2026-42006 redhat_vex dovecot: Dovecot: Denial of Service via excessive IMAP bracing known affected: 30 2026-07-09T18:46:22+00:00 Vulnerability · Source
CVE-2026-56374 redhat_vex ImageMagick: ImageMagick: Denial of Service and Information Disclosure via heap buffer overflow in FTXT encoder known affected: 14 2026-07-09T18:02:07+00:00 Vulnerability · Source
CVE-2026-53422 redhat_vex erlang: ssh: Erlang OTP ssh: Information disclosure via SFTP REALPATH handler fixed: 3 known affected: 42 2026-07-09T18:01:53+00:00 Vulnerability · Source
CVE-2026-59998 redhat_vex openssh: OpenSSH: Undocumented GSSAPIStrictAcceptorCheck behavior impacts security in Windows Active Directory fixed: 3 known affected: 41 2026-07-09T18:01:51+00:00 Vulnerability · Source
CVE-2026-59995 redhat_vex openssh: OpenSSH: sftp client allows attacker to control downloaded file location fixed: 3 known affected: 41 2026-07-09T18:01:51+00:00 Vulnerability · Source
CVE-2026-60000 redhat_vex openssh: OpenSSH: Denial of Service via excessive GSSAPI authentication attempts fixed: 3 known affected: 41 2026-07-09T17:43:28+00:00 Vulnerability · Source
CVE-2026-59999 redhat_vex openssh: OpenSSH sshd: Security bypass due to incorrect handling of forwarding and tunneling options fixed: 3 known affected: 41 2026-07-09T17:43:26+00:00 Vulnerability · Source
CVE-2026-59997 redhat_vex openssh: OpenSSH: SFTP security bypass due to command-line argument parsing flaw fixed: 3 known affected: 41 2026-07-09T17:43:22+00:00 Vulnerability · Source
CVE-2026-60002 redhat_vex openssh: OpenSSH: Use-after-free vulnerability during host key re-exchange on the client side fixed: 3 known affected: 41 2026-07-09T17:43:12+00:00 Vulnerability · Source
CVE-2026-54499 redhat_vex stanza: Stanza: Remote Code Execution via unsafe deserialization in model loaders known affected: 6 known not affected: 1 2026-07-09T17:43:05+00:00 Vulnerability · Source
CVE-2026-46300 redhat_vex kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel fixed: 2874 known not affected: 42 2026-07-09T17:38:55+00:00 Vulnerability · Source
CVE-2026-43284 redhat_vex kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel fixed: 3875 known not affected: 42 2026-07-09T17:38:49+00:00 Vulnerability · Source
CVE-2026-43037 redhat_vex kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() fixed: 2439 known affected: 33 known not affected: 1 2026-07-09T17:38:47+00:00 Vulnerability · Source
CVE-2026-41035 redhat_vex rsync: Rsync: Use-after-free vulnerability in extended attribute handling fixed: 125 known not affected: 69 2026-07-09T17:38:45+00:00 Vulnerability · Source
CVE-2026-40164 redhat_vex jq: jq: Denial of Service via crafted JSON object causing hash collisions fixed: 362 2026-07-09T17:38:41+00:00 Vulnerability · Source
CVE-2026-39979 redhat_vex jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers fixed: 362 known affected: 2 known not affected: 2 2026-07-09T17:38:37+00:00 Vulnerability · Source
CVE-2026-35385 redhat_vex OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode fixed: 1012 known affected: 2 known not affected: 220 under investigation: 1 2026-07-09T17:38:36+00:00 Vulnerability · Source
CVE-2026-35535 redhat_vex sudo: Sudo: Privilege escalation due to failure in privilege drop calls fixed: 409 known not affected: 2 2026-07-09T17:38:33+00:00 Vulnerability · Source
CVE-2026-41316 redhat_vex erb: ERB: Arbitrary code execution via deserialization bypass fixed: 1349 known affected: 1 known not affected: 30 2026-07-09T17:38:08+00:00 Vulnerability · Source
CVE-2026-27851 redhat_vex dovecot: Dovecot: SQL/LDAP injection via incorrect safe filter interpretation with variable expansion known affected: 6 known not affected: 18 2026-07-09T16:30:27+00:00 Vulnerability · Source
CVE-2026-35188 redhat_vex openssl: Double-free When Checking OCSP Stapled Response known not affected: 61 2026-07-09T16:20:09+00:00 Vulnerability · Source
CVE-2026-60001 redhat_vex openssh: OpenSSH: Brute-force attacks facilitated due to insufficient authentication delay fixed: 3 known affected: 41 2026-07-09T15:32:27+00:00 Vulnerability · Source
CVE-2026-34481 redhat_vex org.apache.logging.log4j: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output fixed: 4 known affected: 9 known not affected: 3 2026-07-09T15:32:05+00:00 Vulnerability · Source
CVE-2026-50633 redhat_vex apache-cxf: org.apache.cxf/cxf-integration-jca: Apache CXF: Arbitrary code execution via JNDI Injection fixed: 1 known affected: 1 known not affected: 1 2026-07-09T15:31:11+00:00 Vulnerability · Source
CVE-2026-50632 redhat_vex cxf: org.apache.cxf/cxf-rt-transports-jms: Apache CXF: Arbitrary code execution via untrusted JMS configuration fixed: 1 known affected: 4 known not affected: 1 2026-07-09T15:31:06+00:00 Vulnerability · Source
CVE-2026-50628 redhat_vex cxf: org.apache.cxf/cxf-rt-rs-security-oauth2: cxf: Unauthorized access due to logic error in OAuthRequestFilter fixed: 1 known affected: 4 known not affected: 2 2026-07-09T15:31:02+00:00 Vulnerability · Source
CVE-2026-50627 redhat_vex apache-cxf: org.apache.cxf/cxf-rt-rs-security-oauth2: Apache CXF: Token Confusion/Routing attacks due to improper validation of JWT audience claims fixed: 1 known affected: 4 known not affected: 2 2026-07-09T15:31:01+00:00 Vulnerability · Source
CVE-2026-50011 redhat_vex netty-codec-redis: Netty: Denial of Service via malicious Redis array header fixed: 1 known affected: 4 known not affected: 1 2026-07-09T15:30:56+00:00 Vulnerability · Source
CVE-2026-50010 redhat_vex netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass fixed: 7 known affected: 35 known not affected: 17 2026-07-09T15:30:52+00:00 Vulnerability · Source
CVE-2026-49875 redhat_vex cxf: org.apache.cxf/cxf-core: Apache CXF: Information disclosure via out-of-band external entity resolution due to missing JAXP hardening fixed: 2 known affected: 7 2026-07-09T15:30:51+00:00 Vulnerability · Source
CVE-2026-48059 redhat_vex netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers fixed: 9 known affected: 27 known not affected: 66 2026-07-09T15:30:47+00:00 Vulnerability · Source
CVE-2026-48043 redhat_vex netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak fixed: 21 known affected: 33 known not affected: 56 2026-07-09T15:30:43+00:00 Vulnerability · Source
CVE-2026-48006 redhat_vex netty-codec-redis: Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator fixed: 1 known affected: 4 known not affected: 1 2026-07-09T15:30:42+00:00 Vulnerability · Source
CVE-2026-47691 redhat_vex io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records fixed: 5 known affected: 31 known not affected: 11 2026-07-09T15:30:37+00:00 Vulnerability · Source
CVE-2026-46340 redhat_vex netty-transport-sctp: Netty-transport-sctp: Denial of Service due to unbounded memory growth from SctpMessage fragments fixed: 1 known affected: 4 known not affected: 2 2026-07-09T15:30:35+00:00 Vulnerability · Source
CVE-2026-45674 redhat_vex netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation fixed: 5 known affected: 31 known not affected: 11 2026-07-09T15:30:32+00:00 Vulnerability · Source
CVE-2026-45416 redhat_vex netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake fixed: 7 known affected: 35 known not affected: 17 2026-07-09T15:30:31+00:00 Vulnerability · Source
CVE-2026-44930 redhat_vex apache-cxf: org.apache.cxf.services.xkms/cxf-services-xkms-x509-repo-ldap: Apache CXF: Information Disclosure via LDAP Injection fixed: 1 known affected: 2 2026-07-09T15:30:27+00:00 Vulnerability · Source
CVE-2026-44893 redhat_vex netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message fixed: 9 known affected: 25 known not affected: 67 2026-07-09T15:30:26+00:00 Vulnerability · Source
CVE-2026-44890 redhat_vex netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payloads fixed: 1 known affected: 4 known not affected: 1 2026-07-09T15:30:23+00:00 Vulnerability · Source
CVE-2026-44249 redhat_vex netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation fixed: 19 known affected: 33 known not affected: 68 2026-07-09T15:30:21+00:00 Vulnerability · Source
CVE-2026-44417 redhat_vex org.apache.cxf/cxf-rt-transports-jms: Apache CXF: Remote Code Execution via untrusted JMS configuration fixed: 1 known affected: 4 known not affected: 1 2026-07-09T15:30:21+00:00 Vulnerability · Source
CVE-2026-44250 redhat_vex netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payload with deeply nested arrays fixed: 1 known affected: 4 known not affected: 1 2026-07-09T15:30:18+00:00 Vulnerability · Source
CVE-2026-44248 redhat_vex netty: io.netty/netty-codec-mqtt: Netty: Denial of Service due to excessive resource consumption from crafted MQTT 5 header fixed: 1 known affected: 4 known not affected: 3 2026-07-09T15:30:13+00:00 Vulnerability · Source
CVE-2026-42584 redhat_vex netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion fixed: 25 known affected: 34 known not affected: 140 2026-07-09T15:30:07+00:00 Vulnerability · Source
CVE-2026-42581 redhat_vex netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers fixed: 25 known not affected: 125 under investigation: 49 2026-07-09T15:30:04+00:00 Vulnerability · Source
CVE-2026-42579 redhat_vex netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement fixed: 25 known not affected: 125 under investigation: 38 2026-07-09T15:29:58+00:00 Vulnerability · Source
CVE-2026-42578 redhat_vex netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation fixed: 25 known affected: 33 known not affected: 141 2026-07-09T15:29:53+00:00 Vulnerability · Source
CVE-2024-5535 redhat_vex openssl: SSL_select_next_proto buffer overread fixed: 390 known affected: 50 known not affected: 182 2026-07-09T15:29:23+00:00 Vulnerability · Source