VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221830 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-43171 redhat_vex kernel: EFI/CPER: don't dump the entire memory region known affected: 260 known not affected: 14 2026-07-02T19:37:18+00:00 Vulnerability · Source
CVE-2026-43170 redhat_vex kernel: usb: dwc3: gadget: Move vbus draw to workqueue context known affected: 184 known not affected: 90 2026-07-02T19:37:16+00:00 Vulnerability · Source
CVE-2026-43169 redhat_vex kernel: drm/buddy: Prevent BUG_ON by validating rounded allocation known affected: 184 known not affected: 90 2026-07-02T19:37:14+00:00 Vulnerability · Source
CVE-2026-43059 redhat_vex kernel: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers known affected: 184 known not affected: 90 2026-07-02T19:37:14+00:00 Vulnerability · Source
CVE-2026-43089 redhat_vex kernel: xfrm_user: fix info leak in build_mapping() known affected: 274 2026-07-02T19:37:11+00:00 Vulnerability · Source
CVE-2026-40701 redhat_vex nginx: ngx_http_ssl_module: data corruption and denial of service known affected: 55 known not affected: 1 2026-07-02T19:34:36+00:00 Vulnerability · Source
CVE-2026-40460 redhat_vex nginx: NGINX: Authorization bypass via IP spoofing in HTTP/3 QUIC module fixed: 4 known affected: 54 2026-07-02T19:34:33+00:00 Vulnerability · Source
CVE-2026-7168 redhat_vex curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse fixed: 3 known affected: 25 2026-07-02T19:34:33+00:00 Vulnerability · Source
CVE-2026-5766 redhat_vex django: Django: Service degradation via understated Content-Length header in ASGI requests known affected: 39 2026-07-02T19:34:30+00:00 Vulnerability · Source
CVE-2026-54411 redhat_vex linux-pam: Plaintext password recovery via timing discrepancy in pam_userdb module fixed: 4 known affected: 18 2026-07-02T19:33:10+00:00 Vulnerability · Source
CVE-2026-2340 redhat_vex samba: vfs_worm does not block directory modification fixed: 3903 known affected: 59 2026-07-02T19:30:32+00:00 Vulnerability · Source
CVE-2025-47910 redhat_vex net/http: CrossOriginProtection bypass in net/http fixed: 8 known affected: 341 2026-07-02T19:22:37+00:00 Vulnerability · Source
CVE-2025-22873 redhat_vex os: os: Information disclosure via path traversal using specially crafted filenames fixed: 8 known affected: 245 2026-07-02T19:22:36+00:00 Vulnerability · Source
CVE-2025-14505 redhat_vex elliptic: Key handling flaws in Elliptic known affected: 62 2026-07-02T19:22:34+00:00 Vulnerability · Source
CVE-2026-43084 redhat_vex kernel: netfilter: nfnetlink_queue: make hash table per queue known affected: 246 known not affected: 28 2026-07-02T19:17:42+00:00 Vulnerability · Source
CVE-2026-40974 redhat_vex Spring Boot: Cassandra: Spring Boot: Security bypass in Cassandra SSL connections known affected: 21 2026-07-02T19:17:36+00:00 Vulnerability · Source
CVE-2026-40971 redhat_vex Spring Boot: Spring Boot: Information disclosure and data tampering via missing hostname verification known affected: 21 2026-07-02T19:17:34+00:00 Vulnerability · Source
CVE-2026-40970 redhat_vex Spring Boot: Spring Boot: Missing hostname verification in Elasticsearch auto-configuration allows information disclosure known affected: 21 2026-07-02T19:17:34+00:00 Vulnerability · Source
CVE-2026-40186 redhat_vex sanitize-html: ApostropheCMS: sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements known affected: 14 2026-07-02T19:17:29+00:00 Vulnerability · Source
CVE-2026-34230 redhat_vex rack: Rack: Denial of Service via crafted Accept-Encoding header known affected: 50 2026-07-02T19:17:24+00:00 Vulnerability · Source
CVE-2026-32288 redhat_vex archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive fixed: 8 known affected: 259 2026-07-02T19:17:19+00:00 Vulnerability · Source
CVE-2026-31682 redhat_vex kernel: bridge: br_nd_send: linearize skb before parsing ND options known affected: 260 known not affected: 14 2026-07-02T19:17:18+00:00 Vulnerability · Source
CVE-2026-31676 redhat_vex kernel: rxrpc: only handle RESPONSE during service challenge known affected: 260 known not affected: 14 2026-07-02T19:17:14+00:00 Vulnerability · Source
CVE-2026-48090 redhat_vex envoy: Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk) known not affected: 2 2026-07-02T19:16:58+00:00 Vulnerability · Source
CVE-2026-47692 redhat_vex envoy: Envoy: PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream known affected: 2 2026-07-02T19:16:53+00:00 Vulnerability · Source
CVE-2026-47205 redhat_vex envoy: Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides known not affected: 2 2026-07-02T19:16:49+00:00 Vulnerability · Source
CVE-2026-46102 redhat_vex kernel: net: strparser: fix skb_head leak in strp_abort_strp() known affected: 232 known not affected: 42 2026-07-02T19:16:43+00:00 Vulnerability · Source
CVE-2026-46079 redhat_vex kernel: rbd: fix null-ptr-deref when device_add_disk() fails known affected: 184 known not affected: 90 2026-07-02T19:16:41+00:00 Vulnerability · Source
CVE-2026-46078 redhat_vex kernel: erofs: fix the out-of-bounds nameoff handling for trailing dirents known affected: 184 known not affected: 90 2026-07-02T19:16:38+00:00 Vulnerability · Source
CVE-2026-46070 redhat_vex kernel: md/raid5: validate payload size before accessing journal metadata known affected: 260 known not affected: 14 2026-07-02T19:16:36+00:00 Vulnerability · Source
CVE-2026-46065 redhat_vex kernel: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info known affected: 232 known not affected: 42 2026-07-02T19:16:31+00:00 Vulnerability · Source
CVE-2026-45130 redhat_vex vim: Vim: Heap buffer overflow allows arbitrary code execution or denial of service known affected: 33 2026-07-02T19:16:30+00:00 Vulnerability · Source
CVE-2026-43427 redhat_vex kernel: usb: class: cdc-wdm: fix reordering issue in read code path known affected: 274 2026-07-02T19:16:28+00:00 Vulnerability · Source
CVE-2026-31666 redhat_vex kernel: btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() known affected: 260 known not affected: 14 2026-07-02T19:11:11+00:00 Vulnerability · Source
CVE-2026-24137 redhat_vex github.com/sigstore/sigstore: sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal known affected: 170 2026-07-02T19:11:09+00:00 Vulnerability · Source
CVE-2026-23276 redhat_vex kernel: net: add xmit recursion limit to tunnel xmit functions known affected: 274 2026-07-02T19:11:02+00:00 Vulnerability · Source
CVE-2026-23262 redhat_vex kernel: gve: Fix stats report corruption on queue count change known affected: 232 known not affected: 42 2026-07-02T19:10:58+00:00 Vulnerability · Source
CVE-2026-22737 redhat_vex Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views known affected: 36 2026-07-02T19:10:49+00:00 Vulnerability · Source
CVE-2026-11769 redhat_vex grafana-operator: Grafana Operator: Privilege escalation and information disclosure via path traversal in jsonnet templating. known not affected: 4 2026-07-02T19:10:45+00:00 Vulnerability · Source
CVE-2025-71273 redhat_vex kernel: wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() known affected: 260 known not affected: 14 2026-07-02T19:10:39+00:00 Vulnerability · Source
CVE-2025-68471 redhat_vex avahi: Avahi: Denial of Service via unsolicited CNAME announcements fixed: 3 known affected: 89 2026-07-02T19:10:20+00:00 Vulnerability · Source
CVE-2025-61730 redhat_vex crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls fixed: 8 known affected: 208 2026-07-02T19:10:19+00:00 Vulnerability · Source
CVE-2025-61723 redhat_vex encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem fixed: 8 known affected: 355 2026-07-02T19:10:15+00:00 Vulnerability · Source
CVE-2025-61725 redhat_vex net/mail: Excessive CPU consumption in ParseAddress in net/mail fixed: 8 known affected: 240 2026-07-02T19:10:11+00:00 Vulnerability · Source
CVE-2025-61594 redhat_vex uri: URI module: Credential exposure via URI + operator fixed: 384 known affected: 11 2026-07-02T19:10:06+00:00 Vulnerability · Source
CVE-2025-58189 redhat_vex crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information fixed: 8 known affected: 355 2026-07-02T19:10:05+00:00 Vulnerability · Source
CVE-2025-58185 redhat_vex encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 fixed: 8 known affected: 366 2026-07-02T19:10:04+00:00 Vulnerability · Source
CVE-2026-4408 redhat_vex samba: Remote Code Execution in SAMR fixed: 4194 known affected: 29 2026-07-02T19:05:52+00:00 Vulnerability · Source
CVE-2026-3012 redhat_vex samba: group policy certificate enrollment uses http:// without validation fixed: 3903 known affected: 59 2026-07-02T19:05:44+00:00 Vulnerability · Source
CVE-2026-1933 redhat_vex samba: Missing access check on reparse point operations fixed: 3903 known affected: 59 2026-07-02T19:05:40+00:00 Vulnerability · Source