VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
221826 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2022-21499 | redhat_vex | kernel: possible to use the debugger to write zero into a location of choice | fixed: 475 known affected: 28 known not affected: 14 | 2026-07-03T01:40:54+00:00 | Vulnerability · Source |
| CVE-2022-4645 | redhat_vex | libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c | fixed: 84 known affected: 13 | 2026-07-03T01:40:52+00:00 | Vulnerability · Source |
| CVE-2022-2953 | redhat_vex | libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c | fixed: 84 known affected: 13 | 2026-07-03T01:40:48+00:00 | Vulnerability · Source |
| CVE-2022-2929 | redhat_vex | dhcp: DHCP memory leak | fixed: 83 known affected: 11 | 2026-07-03T01:40:47+00:00 | Vulnerability · Source |
| CVE-2022-2928 | redhat_vex | dhcp: option refcount overflow when leasequery is enabled leading to dhcpd abort | fixed: 83 known affected: 11 | 2026-07-03T01:40:42+00:00 | Vulnerability · Source |
| CVE-2022-2217 | redhat_vex | npm: XSS in parse-url | known affected: 7 known not affected: 6 | 2026-07-03T01:40:39+00:00 | Vulnerability · Source |
| CVE-2022-1678 | redhat_vex | kernel: improper update of sock reference in TCP pacing can lead to memory leak | known affected: 14 known not affected: 184 | 2026-07-03T01:40:35+00:00 | Vulnerability · Source |
| CVE-2023-25577 | redhat_vex | python-werkzeug: high resource usage when parsing multipart form data with many fields | fixed: 520 known affected: 14 known not affected: 1864 | 2026-07-03T01:40:30+00:00 | Vulnerability · Source |
| CVE-2022-31129 | redhat_vex | moment: inefficient parsing algorithm resulting in DoS | fixed: 199 known affected: 114 known not affected: 509 | 2026-07-03T01:40:26+00:00 | Vulnerability · Source |
| CVE-2022-2588 | redhat_vex | kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation | fixed: 1091 known affected: 14 known not affected: 114 | 2026-07-03T01:40:20+00:00 | Vulnerability · Source |
| CVE-2022-2586 | redhat_vex | kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation | fixed: 475 known not affected: 42 | 2026-07-03T01:40:16+00:00 | Vulnerability · Source |
| CVE-2022-0722 | redhat_vex | parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url | fixed: 1 known affected: 12 known not affected: 4 | 2026-07-03T01:40:14+00:00 | Vulnerability · Source |
| CVE-2026-10078 | redhat_vex | quay/config-tool: quay/config-tool: GitLab OAuth client_secret exposed in URL querystring | known affected: 2 | 2026-07-03T01:12:27+00:00 | Vulnerability · Source |
| CVE-2026-10052 | redhat_vex | quay/config-tool: quay/config-tool: SSRF via unfiltered LDAP and SMTP config validation endpoints | known affected: 2 | 2026-07-03T01:12:26+00:00 | Vulnerability · Source |
| CVE-2026-57918 | microsoft_vex | libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker. | known not affected: 1 | 2026-07-03T01:10:48+00:00 | Vulnerability · Source |
| CVE-2026-57231 | microsoft_vex | Podman: Malformed Image can trick podman run into leaking host environment variables into the container | known not affected: 1 | 2026-07-03T01:10:42+00:00 | Vulnerability · Source |
| CVE-2026-13322 | microsoft_vex | Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service | known affected: 1 | 2026-07-03T01:10:37+00:00 | Vulnerability · Source |
| CVE-2026-48779 | microsoft_vex | ws: Memory exhaustion DoS from tiny fragments and data chunks | known not affected: 1 | 2026-07-03T01:10:13+00:00 | Vulnerability · Source |
| CVE-2026-41991 | microsoft_vex | Predictable Temporary File in GNU gzip | known affected: 1 known not affected: 1 | 2026-07-03T01:09:59+00:00 | Vulnerability · Source |
| CVE-2026-58050 | microsoft_vex | libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation | known not affected: 3 | 2026-07-03T01:09:25+00:00 | Vulnerability · Source |
| CVE-2026-53279 | microsoft_vex | drm/gma500/oaktrail_lvds: fix hang on init failure | known not affected: 1 | 2026-07-03T01:09:13+00:00 | Vulnerability · Source |
| CVE-2026-53303 | microsoft_vex | f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show() | known not affected: 1 | 2026-07-03T01:09:08+00:00 | Vulnerability · Source |
| CVE-2026-53294 | microsoft_vex | mailbox: mailbox-test: don't free the reused channel | known not affected: 1 | 2026-07-03T01:09:02+00:00 | Vulnerability · Source |
| CVE-2026-53306 | microsoft_vex | tty: hvc_iucv: fix off-by-one in number of supported devices | known not affected: 1 | 2026-07-03T01:08:56+00:00 | Vulnerability · Source |
| CVE-2026-53309 | microsoft_vex | ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison | known not affected: 1 | 2026-07-03T01:08:50+00:00 | Vulnerability · Source |
| CVE-2026-53296 | microsoft_vex | mailbox: mailbox-test: free channels on probe error | known not affected: 1 | 2026-07-03T01:08:45+00:00 | Vulnerability · Source |
| CVE-2026-53320 | microsoft_vex | nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty() | known not affected: 1 | 2026-07-03T01:08:39+00:00 | Vulnerability · Source |
| CVE-2026-0864 | microsoft_vex | Configuration Injection via Carriage Return (\r) in write() method | known affected: 2 known not affected: 1 | 2026-07-03T01:08:33+00:00 | Vulnerability · Source |
| CVE-2026-3195 | microsoft_vex | Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for cve-2024-7730) | fixed: 2 known affected: 3 | 2026-07-03T01:08:03+00:00 | Vulnerability · Source |
| CVE-2026-11972 | microsoft_vex | tarfile opened in streaming mode mishandles EOF | known affected: 2 known not affected: 1 | 2026-07-03T01:07:57+00:00 | Vulnerability · Source |
| CVE-2026-56412 | microsoft_vex | libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219. | fixed: 1 known affected: 3 known not affected: 2 | 2026-07-03T01:07:18+00:00 | Vulnerability · Source |
| CVE-2026-56405 | microsoft_vex | libexpat before 2.8.2 has an integer overflow in getAttributeId. | fixed: 1 known affected: 3 known not affected: 2 | 2026-07-03T01:07:08+00:00 | Vulnerability · Source |
| CVE-2026-56407 | microsoft_vex | libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen. | fixed: 1 known affected: 3 known not affected: 2 | 2026-07-03T01:06:51+00:00 | Vulnerability · Source |
| CVE-2026-56403 | microsoft_vex | libexpat before 2.8.2 has an integer overflow in storeAtts. | fixed: 1 known affected: 3 known not affected: 2 | 2026-07-03T01:06:32+00:00 | Vulnerability · Source |
| CVE-2026-56406 | microsoft_vex | libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse. | fixed: 1 known affected: 3 known not affected: 2 | 2026-07-03T01:06:23+00:00 | Vulnerability · Source |
| CVE-2026-56132 | microsoft_vex | In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers. | fixed: 1 known affected: 3 known not affected: 2 | 2026-07-03T01:06:15+00:00 | Vulnerability · Source |
| CVE-2026-56404 | microsoft_vex | libexpat before 2.8.2 has an integer overflow in addBinding. | fixed: 1 known affected: 3 known not affected: 2 | 2026-07-03T01:06:06+00:00 | Vulnerability · Source |
| CVE-2026-2376 | redhat_vex | mirror-registry: quay: quay: Server-side Request Forgery via open redirect vulnerability in web interface | known affected: 4 | 2026-07-03T01:06:01+00:00 | Vulnerability · Source |
| CVE-2026-56131 | microsoft_vex | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation). | fixed: 1 known affected: 3 known not affected: 2 | 2026-07-03T01:05:57+00:00 | Vulnerability · Source |
| CVE-2025-68158 | redhat_vex | Authlib: Authlib: Cross-Site Request Forgery due to improper session management in state storage | fixed: 12 known affected: 1 known not affected: 54 | 2026-07-03T01:05:39+00:00 | Vulnerability · Source |
| CVE-2026-53016 | microsoft_vex | crypto: ccp - copy IV using skcipher ivsize | known not affected: 1 | 2026-07-03T01:05:17+00:00 | Vulnerability · Source |
| CVE-2025-4374 | redhat_vex | quay: Incorrect Privilege Assignment | known affected: 1 | 2026-07-03T01:04:36+00:00 | Vulnerability · Source |
| CVE-2026-53046 | microsoft_vex | ksmbd: fix use-after-free from async crypto on Qualcomm crypto engine | known not affected: 1 | 2026-07-03T01:04:36+00:00 | Vulnerability · Source |
| CVE-2026-53039 | microsoft_vex | ocfs2: validate group add input before caching | known not affected: 1 | 2026-07-03T01:04:26+00:00 | Vulnerability · Source |
| CVE-2026-53045 | microsoft_vex | memory: tegra124-emc: Fix dll_change check | known not affected: 1 | 2026-07-03T01:04:20+00:00 | Vulnerability · Source |
| CVE-2026-53049 | microsoft_vex | gfs2: add some missing log locking | known not affected: 1 | 2026-07-03T01:04:14+00:00 | Vulnerability · Source |
| CVE-2026-13757 | microsoft_vex | P11-kit: stack exhaustion via unbounded recursion in rpc attribute parsing | known affected: 1 | 2026-07-03T01:04:13+00:00 | Vulnerability · Source |
| CVE-2026-53098 | microsoft_vex | wifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work() | known not affected: 1 | 2026-07-03T01:04:08+00:00 | Vulnerability · Source |
| CVE-2026-52911 | microsoft_vex | ksmbd: scope conn->binding slowpath to bound sessions only | known not affected: 1 | 2026-07-03T01:04:01+00:00 | Vulnerability · Source |
| CVE-2025-21605 | redhat_vex | redis: Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client | fixed: 233 known affected: 2 known not affected: 7 | 2026-07-03T01:03:57+00:00 | Vulnerability · Source |