VEX records
Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.
222278 VEX records
API response| Vulnerability | Source | Title | Product status | Imported | Links |
|---|---|---|---|---|---|
| CVE-2026-48779 | microsoft_vex | ws: Memory exhaustion DoS from tiny fragments and data chunks | known not affected: 1 | 2026-07-03T01:10:13+00:00 | Vulnerability · Source |
| CVE-2026-41991 | microsoft_vex | Predictable Temporary File in GNU gzip | known affected: 1 known not affected: 1 | 2026-07-03T01:09:59+00:00 | Vulnerability · Source |
| CVE-2026-58050 | microsoft_vex | libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation | known not affected: 3 | 2026-07-03T01:09:25+00:00 | Vulnerability · Source |
| CVE-2026-53279 | microsoft_vex | drm/gma500/oaktrail_lvds: fix hang on init failure | known not affected: 1 | 2026-07-03T01:09:13+00:00 | Vulnerability · Source |
| CVE-2026-53303 | microsoft_vex | f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show() | known not affected: 1 | 2026-07-03T01:09:08+00:00 | Vulnerability · Source |
| CVE-2026-53294 | microsoft_vex | mailbox: mailbox-test: don't free the reused channel | known not affected: 1 | 2026-07-03T01:09:02+00:00 | Vulnerability · Source |
| CVE-2026-53306 | microsoft_vex | tty: hvc_iucv: fix off-by-one in number of supported devices | known not affected: 1 | 2026-07-03T01:08:56+00:00 | Vulnerability · Source |
| CVE-2026-53309 | microsoft_vex | ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison | known not affected: 1 | 2026-07-03T01:08:50+00:00 | Vulnerability · Source |
| CVE-2026-53296 | microsoft_vex | mailbox: mailbox-test: free channels on probe error | known not affected: 1 | 2026-07-03T01:08:45+00:00 | Vulnerability · Source |
| CVE-2026-53320 | microsoft_vex | nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty() | known not affected: 1 | 2026-07-03T01:08:39+00:00 | Vulnerability · Source |
| CVE-2026-0864 | microsoft_vex | Configuration Injection via Carriage Return (\r) in write() method | known affected: 2 known not affected: 1 | 2026-07-03T01:08:33+00:00 | Vulnerability · Source |
| CVE-2026-3195 | microsoft_vex | Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for cve-2024-7730) | fixed: 2 known affected: 3 | 2026-07-03T01:08:03+00:00 | Vulnerability · Source |
| CVE-2026-11972 | microsoft_vex | tarfile opened in streaming mode mishandles EOF | known affected: 2 known not affected: 1 | 2026-07-03T01:07:57+00:00 | Vulnerability · Source |
| CVE-2026-56412 | microsoft_vex | libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219. | fixed: 1 known affected: 3 known not affected: 2 | 2026-07-03T01:07:18+00:00 | Vulnerability · Source |
| CVE-2026-56405 | microsoft_vex | libexpat before 2.8.2 has an integer overflow in getAttributeId. | fixed: 1 known affected: 3 known not affected: 2 | 2026-07-03T01:07:08+00:00 | Vulnerability · Source |
| CVE-2026-56407 | microsoft_vex | libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen. | fixed: 1 known affected: 3 known not affected: 2 | 2026-07-03T01:06:51+00:00 | Vulnerability · Source |
| CVE-2026-56403 | microsoft_vex | libexpat before 2.8.2 has an integer overflow in storeAtts. | fixed: 1 known affected: 3 known not affected: 2 | 2026-07-03T01:06:32+00:00 | Vulnerability · Source |
| CVE-2026-56406 | microsoft_vex | libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse. | fixed: 1 known affected: 3 known not affected: 2 | 2026-07-03T01:06:23+00:00 | Vulnerability · Source |
| CVE-2026-56132 | microsoft_vex | In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers. | fixed: 1 known affected: 3 known not affected: 2 | 2026-07-03T01:06:15+00:00 | Vulnerability · Source |
| CVE-2026-56404 | microsoft_vex | libexpat before 2.8.2 has an integer overflow in addBinding. | fixed: 1 known affected: 3 known not affected: 2 | 2026-07-03T01:06:06+00:00 | Vulnerability · Source |
| CVE-2026-2376 | redhat_vex | mirror-registry: quay: quay: Server-side Request Forgery via open redirect vulnerability in web interface | known affected: 4 | 2026-07-03T01:06:01+00:00 | Vulnerability · Source |
| CVE-2026-56131 | microsoft_vex | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation). | fixed: 1 known affected: 3 known not affected: 2 | 2026-07-03T01:05:57+00:00 | Vulnerability · Source |
| CVE-2025-68158 | redhat_vex | Authlib: Authlib: Cross-Site Request Forgery due to improper session management in state storage | fixed: 12 known affected: 1 known not affected: 54 | 2026-07-03T01:05:39+00:00 | Vulnerability · Source |
| CVE-2026-53016 | microsoft_vex | crypto: ccp - copy IV using skcipher ivsize | known not affected: 1 | 2026-07-03T01:05:17+00:00 | Vulnerability · Source |
| CVE-2025-4374 | redhat_vex | quay: Incorrect Privilege Assignment | known affected: 1 | 2026-07-03T01:04:36+00:00 | Vulnerability · Source |
| CVE-2026-53046 | microsoft_vex | ksmbd: fix use-after-free from async crypto on Qualcomm crypto engine | known not affected: 1 | 2026-07-03T01:04:36+00:00 | Vulnerability · Source |
| CVE-2026-53039 | microsoft_vex | ocfs2: validate group add input before caching | known not affected: 1 | 2026-07-03T01:04:26+00:00 | Vulnerability · Source |
| CVE-2026-53045 | microsoft_vex | memory: tegra124-emc: Fix dll_change check | known not affected: 1 | 2026-07-03T01:04:20+00:00 | Vulnerability · Source |
| CVE-2026-53049 | microsoft_vex | gfs2: add some missing log locking | known not affected: 1 | 2026-07-03T01:04:14+00:00 | Vulnerability · Source |
| CVE-2026-13757 | microsoft_vex | P11-kit: stack exhaustion via unbounded recursion in rpc attribute parsing | known affected: 1 | 2026-07-03T01:04:13+00:00 | Vulnerability · Source |
| CVE-2026-53098 | microsoft_vex | wifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work() | known not affected: 1 | 2026-07-03T01:04:08+00:00 | Vulnerability · Source |
| CVE-2026-52911 | microsoft_vex | ksmbd: scope conn->binding slowpath to bound sessions only | known not affected: 1 | 2026-07-03T01:04:01+00:00 | Vulnerability · Source |
| CVE-2025-21605 | redhat_vex | redis: Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client | fixed: 233 known affected: 2 known not affected: 7 | 2026-07-03T01:03:57+00:00 | Vulnerability · Source |
| CVE-2026-53052 | microsoft_vex | ASoC: qcom: qdsp6: topology: check widget type before accessing data | known not affected: 1 | 2026-07-03T01:03:55+00:00 | Vulnerability · Source |
| CVE-2025-3528 | redhat_vex | mirror-registry: Local privilege escalation due to incorrect permissions in mirror-registry | fixed: 3 known affected: 1 | 2026-07-03T01:03:54+00:00 | Vulnerability · Source |
| CVE-2026-55200 | microsoft_vex | libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c | fixed: 2 known affected: 3 known not affected: 1 | 2026-07-03T01:03:42+00:00 | Vulnerability · Source |
| CVE-2026-53043 | microsoft_vex | ocfs2/dlm: validate qr_numregions in dlm_match_regions() | known not affected: 1 | 2026-07-03T01:03:26+00:00 | Vulnerability · Source |
| CVE-2026-52913 | microsoft_vex | batman-adv: v: stop OGMv2 on disabled interface | known not affected: 1 | 2026-07-03T01:03:20+00:00 | Vulnerability · Source |
| CVE-2026-53195 | microsoft_vex | USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr() | known not affected: 1 | 2026-07-03T01:03:06+00:00 | Vulnerability · Source |
| CVE-2026-52944 | microsoft_vex | ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE | known not affected: 1 | 2026-07-03T01:02:51+00:00 | Vulnerability · Source |
| CVE-2026-53196 | microsoft_vex | USB: serial: io_ti: fix heap overflow in get_manuf_info() | known not affected: 1 | 2026-07-03T01:02:44+00:00 | Vulnerability · Source |
| CVE-2026-52962 | microsoft_vex | ceph: fix a buffer leak in __ceph_setxattr() | fixed: 1 known affected: 1 under investigation: 1 | 2026-07-03T01:02:37+00:00 | Vulnerability · Source |
| CVE-2026-52935 | microsoft_vex | xfrm: espintcp: do not reuse an in-progress partial send | known not affected: 1 | 2026-07-03T01:02:31+00:00 | Vulnerability · Source |
| CVE-2026-53130 | microsoft_vex | fs/omfs: reject s_sys_blocksize smaller than OMFS_DIR_START | known not affected: 1 | 2026-07-03T01:02:24+00:00 | Vulnerability · Source |
| CVE-2026-53048 | microsoft_vex | gfs2: prevent NULL pointer dereference during unmount | known not affected: 1 | 2026-07-03T01:02:17+00:00 | Vulnerability · Source |
| CVE-2026-53160 | microsoft_vex | misc: fastrpc: fix use-after-free race in fastrpc_map_create | known not affected: 1 | 2026-07-03T01:02:11+00:00 | Vulnerability · Source |
| CVE-2026-56149 | microsoft_vex | Allocation of Resources Without Limits or Throttling in Elasticsearch Leading to Denial of Service | known affected: 1 | 2026-07-03T01:02:04+00:00 | Vulnerability · Source |
| CVE-2026-53010 | microsoft_vex | ksmbd: fix use-after-free in smb2_open during durable reconnect | known affected: 1 known not affected: 1 | 2026-07-03T01:02:03+00:00 | Vulnerability · Source |
| CVE-2026-53097 | microsoft_vex | wifi: mt76: mt7996: fix use-after-free bugs in mt7996_mac_dump_work() | known affected: 1 known not affected: 1 | 2026-07-03T01:01:57+00:00 | Vulnerability · Source |
| CVE-2026-49090 | microsoft_vex | Uncontrolled Resource Consumption in Elasticsearch Leading to Denial of Service | known affected: 1 | 2026-07-03T01:01:57+00:00 | Vulnerability · Source |