VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221822 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-43176 | redhat_vex | kernel: wifi: rtw89: pci: validate release report content before using for RTL8922DE | known affected: 232 known not affected: 42 | 2026-07-03T14:57:49+00:00 | Vulnerability · Source |
| CVE-2026-43156 | redhat_vex | kernel: net: usb: pegasus: enable basic endpoint checking | known affected: 274 | 2026-07-03T14:57:47+00:00 | Vulnerability · Source |
| CVE-2026-43129 | redhat_vex | kernel: ima: verify the previous kernel's IMA buffer lies in addressable RAM | known affected: 232 known not affected: 42 | 2026-07-03T14:57:43+00:00 | Vulnerability · Source |
| CVE-2026-43067 | redhat_vex | kernel: ext4: handle wraparound when searching for blocks for indirect mapped blocks | known affected: 274 | 2026-07-03T14:57:28+00:00 | Vulnerability · Source |
| CVE-2026-43119 | redhat_vex | kernel: Bluetooth: hci_sync: annotate data-races around hdev->req_status | known affected: 274 | 2026-07-03T14:57:28+00:00 | Vulnerability · Source |
| CVE-2026-31694 | redhat_vex | kernel: fuse: reject oversized dirents in page cache | known not affected: 274 | 2026-07-03T14:40:14+00:00 | Vulnerability · Source |
| CVE-2026-23253 | redhat_vex | kernel: Kernel: Denial of Service via DVB DVR ringbuffer reinitialization flaw | known affected: 76 known not affected: 198 | 2026-07-03T14:40:09+00:00 | Vulnerability · Source |
| CVE-2026-13573 | redhat_vex | llvm: llvm: Denial of Service via stack-based buffer overflow in StringMap::insert | fixed: 8 known affected: 146 | 2026-07-03T14:40:04+00:00 | Vulnerability · Source |
| CVE-2026-20243 | redhat_vex | clamav: ClamAV: Denial of Service via crafted ALZ file | known not affected: 1 | 2026-07-03T14:40:04+00:00 | Vulnerability · Source |
| CVE-2026-57914 | redhat_vex | apache-kerby: org.apache.kerby/kerby-asn1: Apache Kerby: Denial of Service via deeply nested ASN.1 structure | known affected: 16 | 2026-07-03T14:37:14+00:00 | Vulnerability · Source |
| CVE-2026-42779 | redhat_vex | Apache MINA: Apache MINA: Arbitrary Code Execution via Classname Allowlist Bypass | known affected: 5 known not affected: 22 | 2026-07-03T14:36:50+00:00 | Vulnerability · Source |
| CVE-2026-20244 | redhat_vex | clamav: ClamAV: Denial of Service via crafted DMG file | known not affected: 1 | 2026-07-03T13:38:44+00:00 | Vulnerability · Source |
| CVE-2026-54371 | redhat_vex | attr: Symlink Traversal Privilege Escalation via getfattr and setfattr | fixed: 3 known affected: 16 | 2026-07-03T13:20:36+00:00 | Vulnerability · Source |
| CVE-2026-20217 | redhat_vex | clamav: ClamAV: Denial of Service via crafted PESpin file | known not affected: 1 | 2026-07-03T13:01:10+00:00 | Vulnerability · Source |
| CVE-2026-20215 | redhat_vex | clamav: ClamAV: Denial of Service via crafted 7z file | known not affected: 1 | 2026-07-03T12:50:01+00:00 | Vulnerability · Source |
| CVE-2026-22773 | redhat_vex | vllm: vLLM: Denial of Service via specially crafted image in multimodal model serving | fixed: 8 known affected: 12 known not affected: 206 | 2026-07-03T12:28:29+00:00 | Vulnerability · Source |
| CVE-2024-11706 | redhat_vex | firefox: thunderbird: Null Pointer Dereference in PKCS#12 Utility | known affected: 12 under investigation: 14 | 2026-07-03T12:14:59+00:00 | Vulnerability · Source |
| CVE-2024-11705 | redhat_vex | firefox: thunderbird: Null Pointer Dereference in NSC_DeriveKey | known affected: 12 under investigation: 14 | 2026-07-03T12:14:58+00:00 | Vulnerability · Source |
| CVE-2024-11704 | redhat_vex | firefox: thunderbird: Potential Double-Free Vulnerability in PKCS#7 Decryption Handling | known affected: 12 under investigation: 14 | 2026-07-03T12:14:57+00:00 | Vulnerability · Source |
| CVE-2024-11701 | redhat_vex | firefox: thunderbird: Misleading Address Bar State During Navigation Interruption | known affected: 12 under investigation: 14 | 2026-07-03T12:14:52+00:00 | Vulnerability · Source |
| CVE-2026-13574 | redhat_vex | llvm: llvm-project: LLVM: Denial of service via heap-based buffer overflow in Bitcode File Handler | fixed: 8 known affected: 64 known not affected: 65 | 2026-07-03T12:14:49+00:00 | Vulnerability · Source |
| CVE-2024-11708 | redhat_vex | firefox: thunderbird: Data race with PlaybackParams | known affected: 12 under investigation: 14 | 2026-07-03T12:14:45+00:00 | Vulnerability · Source |
| CVE-2025-1414 | redhat_vex | firefox: Memory safety bugs fixed in Firefox 135.0.1 | known affected: 8 under investigation: 5 | 2026-07-03T12:06:56+00:00 | Vulnerability · Source |
| CVE-2025-0247 | redhat_vex | firefox: thunderbird: Memory safety bugs fixed in Firefox 134 and Thunderbird 134 | known affected: 12 under investigation: 14 | 2026-07-03T12:06:53+00:00 | Vulnerability · Source |
| CVE-2022-32296 | redhat_vex | kernel: insufficient TCP source port randomness leads to client identification | fixed: 2 under investigation: 198 | 2026-07-03T12:04:07+00:00 | Vulnerability · Source |
| CVE-2020-36310 | redhat_vex | kernel: infinite loop in set_memory_region_test in arch/x86/kvm/svm/svm.c for certain nested page faults | known not affected: 1 under investigation: 197 | 2026-07-03T12:04:02+00:00 | Vulnerability · Source |
| CVE-2020-19715 | redhat_vex | exiv2: integer buffer overflow in getUShort fucntion leads to DoS | known affected: 3 under investigation: 14 | 2026-07-03T12:03:58+00:00 | Vulnerability · Source |
| CVE-2021-41190 | redhat_vex | opencontainers: OCI manifest and index parsing confusion | fixed: 297 known affected: 69 known not affected: 1189 | 2026-07-03T12:03:56+00:00 | Vulnerability · Source |
| CVE-2023-25165 | redhat_vex | helm: getHostByName Function Information Disclosure | fixed: 22 known affected: 30 known not affected: 1880 | 2026-07-03T12:03:33+00:00 | Vulnerability · Source |
| CVE-2022-23526 | redhat_vex | helm: Denial of service through schema file | fixed: 13 known affected: 26 known not affected: 1402 | 2026-07-03T12:03:29+00:00 | Vulnerability · Source |
| CVE-2022-23525 | redhat_vex | helm: Denial of service through through repository index file | fixed: 152 known affected: 17 known not affected: 1262 | 2026-07-03T12:03:25+00:00 | Vulnerability · Source |
| CVE-2026-27980 | redhat_vex | next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage | fixed: 2 known affected: 4 known not affected: 12 | 2026-07-03T12:02:07+00:00 | Vulnerability · Source |
| CVE-2026-1002 | redhat_vex | io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files | fixed: 30 known affected: 19 known not affected: 322 | 2026-07-03T12:02:01+00:00 | Vulnerability · Source |
| CVE-2025-58056 | redhat_vex | netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions | fixed: 282 known affected: 45 known not affected: 9 | 2026-07-03T12:02:00+00:00 | Vulnerability · Source |
| CVE-2023-28642 | redhat_vex | runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration | fixed: 805 known affected: 19 known not affected: 633 | 2026-07-03T11:50:31+00:00 | Vulnerability · Source |
| CVE-2023-27561 | redhat_vex | runc: volume mount race condition (regression of CVE-2019-19921) | fixed: 556 known affected: 36 known not affected: 1666 | 2026-07-03T11:50:20+00:00 | Vulnerability · Source |
| CVE-2023-25809 | redhat_vex | runc: Rootless runc makes `/sys/fs/cgroup` writable | fixed: 542 known affected: 30 known not affected: 622 | 2026-07-03T11:50:20+00:00 | Vulnerability · Source |
| CVE-2018-20676 | redhat_vex | bootstrap: XSS in the tooltip data-viewport attribute | fixed: 395 known affected: 95 known not affected: 63 under investigation: 26 | 2026-07-03T11:49:01+00:00 | Vulnerability · Source |
| CVE-2018-14041 | redhat_vex | bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy | fixed: 163 known affected: 90 known not affected: 301 under investigation: 26 | 2026-07-03T11:48:56+00:00 | Vulnerability · Source |
| CVE-2021-23566 | redhat_vex | nanoid: Information disclosure via valueOf() function | fixed: 7 known affected: 7 known not affected: 688 | 2026-07-03T11:48:52+00:00 | Vulnerability · Source |
| CVE-2022-27191 | redhat_vex | golang: crash in a golang.org/x/crypto/ssh server | fixed: 808 known affected: 82 known not affected: 4981 | 2026-07-03T11:48:06+00:00 | Vulnerability · Source |
| CVE-2022-24450 | redhat_vex | nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account | known affected: 18 known not affected: 8 | 2026-07-03T11:48:01+00:00 | Vulnerability · Source |
| CVE-2021-43565 | redhat_vex | golang.org/x/crypto: empty plaintext packet causes panic | fixed: 266 known affected: 137 known not affected: 1464 | 2026-07-03T11:47:57+00:00 | Vulnerability · Source |
| CVE-2022-29810 | redhat_vex | go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses | fixed: 15 known affected: 11 known not affected: 682 | 2026-07-03T11:46:56+00:00 | Vulnerability · Source |
| CVE-2022-24785 | redhat_vex | Moment.js: Path traversal in moment.locale | fixed: 743 known affected: 92 known not affected: 475 | 2026-07-03T11:46:49+00:00 | Vulnerability · Source |
| CVE-2022-23806 | redhat_vex | golang: crypto/elliptic: IsOnCurve returns true for invalid field elements | fixed: 908 known affected: 97 known not affected: 1002 under investigation: 2 | 2026-07-03T11:46:43+00:00 | Vulnerability · Source |
| CVE-2022-21803 | redhat_vex | nconf: Prototype pollution in memory store | known affected: 7 | 2026-07-03T11:46:42+00:00 | Vulnerability · Source |
| CVE-2022-0235 | redhat_vex | node-fetch: exposure of sensitive information to an unauthorized actor | fixed: 102 known affected: 140 known not affected: 796 under investigation: 2 | 2026-07-03T11:46:28+00:00 | Vulnerability · Source |
| CVE-2026-39852 | redhat_vex | io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests | fixed: 11 known affected: 16 known not affected: 18 | 2026-07-03T11:45:00+00:00 | Vulnerability · Source |
| CVE-2026-33871 | redhat_vex | netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood | fixed: 67 known affected: 51 known not affected: 465 | 2026-07-03T11:44:52+00:00 | Vulnerability · Source |