VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221826 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2022-21499 redhat_vex kernel: possible to use the debugger to write zero into a location of choice fixed: 475 known affected: 28 known not affected: 14 2026-07-03T01:40:54+00:00 Vulnerability · Source
CVE-2022-4645 redhat_vex libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c fixed: 84 known affected: 13 2026-07-03T01:40:52+00:00 Vulnerability · Source
CVE-2022-2953 redhat_vex libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c fixed: 84 known affected: 13 2026-07-03T01:40:48+00:00 Vulnerability · Source
CVE-2022-2929 redhat_vex dhcp: DHCP memory leak fixed: 83 known affected: 11 2026-07-03T01:40:47+00:00 Vulnerability · Source
CVE-2022-2928 redhat_vex dhcp: option refcount overflow when leasequery is enabled leading to dhcpd abort fixed: 83 known affected: 11 2026-07-03T01:40:42+00:00 Vulnerability · Source
CVE-2022-2217 redhat_vex npm: XSS in parse-url known affected: 7 known not affected: 6 2026-07-03T01:40:39+00:00 Vulnerability · Source
CVE-2022-1678 redhat_vex kernel: improper update of sock reference in TCP pacing can lead to memory leak known affected: 14 known not affected: 184 2026-07-03T01:40:35+00:00 Vulnerability · Source
CVE-2023-25577 redhat_vex python-werkzeug: high resource usage when parsing multipart form data with many fields fixed: 520 known affected: 14 known not affected: 1864 2026-07-03T01:40:30+00:00 Vulnerability · Source
CVE-2022-31129 redhat_vex moment: inefficient parsing algorithm resulting in DoS fixed: 199 known affected: 114 known not affected: 509 2026-07-03T01:40:26+00:00 Vulnerability · Source
CVE-2022-2588 redhat_vex kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation fixed: 1091 known affected: 14 known not affected: 114 2026-07-03T01:40:20+00:00 Vulnerability · Source
CVE-2022-2586 redhat_vex kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation fixed: 475 known not affected: 42 2026-07-03T01:40:16+00:00 Vulnerability · Source
CVE-2022-0722 redhat_vex parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url fixed: 1 known affected: 12 known not affected: 4 2026-07-03T01:40:14+00:00 Vulnerability · Source
CVE-2026-10078 redhat_vex quay/config-tool: quay/config-tool: GitLab OAuth client_secret exposed in URL querystring known affected: 2 2026-07-03T01:12:27+00:00 Vulnerability · Source
CVE-2026-10052 redhat_vex quay/config-tool: quay/config-tool: SSRF via unfiltered LDAP and SMTP config validation endpoints known affected: 2 2026-07-03T01:12:26+00:00 Vulnerability · Source
CVE-2026-57918 microsoft_vex libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker. known not affected: 1 2026-07-03T01:10:48+00:00 Vulnerability · Source
CVE-2026-57231 microsoft_vex Podman: Malformed Image can trick podman run into leaking host environment variables into the container known not affected: 1 2026-07-03T01:10:42+00:00 Vulnerability · Source
CVE-2026-13322 microsoft_vex Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service known affected: 1 2026-07-03T01:10:37+00:00 Vulnerability · Source
CVE-2026-48779 microsoft_vex ws: Memory exhaustion DoS from tiny fragments and data chunks known not affected: 1 2026-07-03T01:10:13+00:00 Vulnerability · Source
CVE-2026-41991 microsoft_vex Predictable Temporary File in GNU gzip known affected: 1 known not affected: 1 2026-07-03T01:09:59+00:00 Vulnerability · Source
CVE-2026-58050 microsoft_vex libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation known not affected: 3 2026-07-03T01:09:25+00:00 Vulnerability · Source
CVE-2026-53279 microsoft_vex drm/gma500/oaktrail_lvds: fix hang on init failure known not affected: 1 2026-07-03T01:09:13+00:00 Vulnerability · Source
CVE-2026-53303 microsoft_vex f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show() known not affected: 1 2026-07-03T01:09:08+00:00 Vulnerability · Source
CVE-2026-53294 microsoft_vex mailbox: mailbox-test: don't free the reused channel known not affected: 1 2026-07-03T01:09:02+00:00 Vulnerability · Source
CVE-2026-53306 microsoft_vex tty: hvc_iucv: fix off-by-one in number of supported devices known not affected: 1 2026-07-03T01:08:56+00:00 Vulnerability · Source
CVE-2026-53309 microsoft_vex ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison known not affected: 1 2026-07-03T01:08:50+00:00 Vulnerability · Source
CVE-2026-53296 microsoft_vex mailbox: mailbox-test: free channels on probe error known not affected: 1 2026-07-03T01:08:45+00:00 Vulnerability · Source
CVE-2026-53320 microsoft_vex nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty() known not affected: 1 2026-07-03T01:08:39+00:00 Vulnerability · Source
CVE-2026-0864 microsoft_vex Configuration Injection via Carriage Return (\r) in write() method known affected: 2 known not affected: 1 2026-07-03T01:08:33+00:00 Vulnerability · Source
CVE-2026-3195 microsoft_vex Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for cve-2024-7730) fixed: 2 known affected: 3 2026-07-03T01:08:03+00:00 Vulnerability · Source
CVE-2026-11972 microsoft_vex tarfile opened in streaming mode mishandles EOF known affected: 2 known not affected: 1 2026-07-03T01:07:57+00:00 Vulnerability · Source
CVE-2026-56412 microsoft_vex libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219. fixed: 1 known affected: 3 known not affected: 2 2026-07-03T01:07:18+00:00 Vulnerability · Source
CVE-2026-56405 microsoft_vex libexpat before 2.8.2 has an integer overflow in getAttributeId. fixed: 1 known affected: 3 known not affected: 2 2026-07-03T01:07:08+00:00 Vulnerability · Source
CVE-2026-56407 microsoft_vex libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen. fixed: 1 known affected: 3 known not affected: 2 2026-07-03T01:06:51+00:00 Vulnerability · Source
CVE-2026-56403 microsoft_vex libexpat before 2.8.2 has an integer overflow in storeAtts. fixed: 1 known affected: 3 known not affected: 2 2026-07-03T01:06:32+00:00 Vulnerability · Source
CVE-2026-56406 microsoft_vex libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse. fixed: 1 known affected: 3 known not affected: 2 2026-07-03T01:06:23+00:00 Vulnerability · Source
CVE-2026-56132 microsoft_vex In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers. fixed: 1 known affected: 3 known not affected: 2 2026-07-03T01:06:15+00:00 Vulnerability · Source
CVE-2026-56404 microsoft_vex libexpat before 2.8.2 has an integer overflow in addBinding. fixed: 1 known affected: 3 known not affected: 2 2026-07-03T01:06:06+00:00 Vulnerability · Source
CVE-2026-2376 redhat_vex mirror-registry: quay: quay: Server-side Request Forgery via open redirect vulnerability in web interface known affected: 4 2026-07-03T01:06:01+00:00 Vulnerability · Source
CVE-2026-56131 microsoft_vex libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation). fixed: 1 known affected: 3 known not affected: 2 2026-07-03T01:05:57+00:00 Vulnerability · Source
CVE-2025-68158 redhat_vex Authlib: Authlib: Cross-Site Request Forgery due to improper session management in state storage fixed: 12 known affected: 1 known not affected: 54 2026-07-03T01:05:39+00:00 Vulnerability · Source
CVE-2026-53016 microsoft_vex crypto: ccp - copy IV using skcipher ivsize known not affected: 1 2026-07-03T01:05:17+00:00 Vulnerability · Source
CVE-2025-4374 redhat_vex quay: Incorrect Privilege Assignment known affected: 1 2026-07-03T01:04:36+00:00 Vulnerability · Source
CVE-2026-53046 microsoft_vex ksmbd: fix use-after-free from async crypto on Qualcomm crypto engine known not affected: 1 2026-07-03T01:04:36+00:00 Vulnerability · Source
CVE-2026-53039 microsoft_vex ocfs2: validate group add input before caching known not affected: 1 2026-07-03T01:04:26+00:00 Vulnerability · Source
CVE-2026-53045 microsoft_vex memory: tegra124-emc: Fix dll_change check known not affected: 1 2026-07-03T01:04:20+00:00 Vulnerability · Source
CVE-2026-53049 microsoft_vex gfs2: add some missing log locking known not affected: 1 2026-07-03T01:04:14+00:00 Vulnerability · Source
CVE-2026-13757 microsoft_vex P11-kit: stack exhaustion via unbounded recursion in rpc attribute parsing known affected: 1 2026-07-03T01:04:13+00:00 Vulnerability · Source
CVE-2026-53098 microsoft_vex wifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work() known not affected: 1 2026-07-03T01:04:08+00:00 Vulnerability · Source
CVE-2026-52911 microsoft_vex ksmbd: scope conn->binding slowpath to bound sessions only known not affected: 1 2026-07-03T01:04:01+00:00 Vulnerability · Source
CVE-2025-21605 redhat_vex redis: Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client fixed: 233 known affected: 2 known not affected: 7 2026-07-03T01:03:57+00:00 Vulnerability · Source