VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

222278 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2025-71117 redhat_vex kernel: Linux kernel: Denial of Service via deadlock in block layer sysfs store callbacks fixed: 309 known affected: 108 known not affected: 90 2026-07-02T19:43:11+00:00 Vulnerability · Source
CVE-2026-1703 redhat_vex pip: pip: Information disclosure via path traversal when installing crafted wheel archives fixed: 2 known affected: 113 2026-07-02T19:43:11+00:00 Vulnerability · Source
CVE-2026-42268 redhat_vex mod_security: ModSecurity: Denial of Service via unsigned integer underflow in rule verification functions known affected: 6 2026-07-02T19:42:58+00:00 Vulnerability · Source
CVE-2026-43459 redhat_vex kernel: ASoC: soc-core: flush delayed work before removing DAIs and widgets known affected: 232 known not affected: 42 2026-07-02T19:42:39+00:00 Vulnerability · Source
CVE-2026-43452 redhat_vex kernel: netfilter: x_tables: guard option walkers against 1-byte tail reads known affected: 274 2026-07-02T19:42:36+00:00 Vulnerability · Source
CVE-2026-43407 redhat_vex kernel: libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() known affected: 260 known not affected: 14 2026-07-02T19:42:34+00:00 Vulnerability · Source
CVE-2026-42946 redhat_vex nginx: ngx_http_scgi_module: ngx_http_uwsgi_module: information disclosure and denial of service known affected: 55 known not affected: 1 2026-07-02T19:42:32+00:00 Vulnerability · Source
CVE-2026-28386 redhat_vex openssl: openssl: Denial of Service due to out-of-bounds read in AES-CFB128 fixed: 3 known affected: 36 known not affected: 32 2026-07-02T19:42:30+00:00 Vulnerability · Source
CVE-2026-40016 redhat_vex dovecot: Dovecot: Denial of Service due to Sieve script CPU limit bypass known affected: 24 2026-07-02T19:38:04+00:00 Vulnerability · Source
CVE-2026-33227 redhat_vex org.apache.activemq/activemq-client: org.apache.activemq/activemq-broker: org.apache.activemq/activemq-all: org.apache.activemq/activemq-web: improper limitation of a pathname to a restricted classpath directory known affected: 22 2026-07-02T19:37:55+00:00 Vulnerability · Source
CVE-2026-31523 redhat_vex kernel: nvme-pci: ensure we're polling a polled queue known affected: 260 known not affected: 14 2026-07-02T19:37:54+00:00 Vulnerability · Source
CVE-2026-31435 redhat_vex kernel: netfs: Fix read abandonment during retry known affected: 260 known not affected: 14 2026-07-02T19:37:52+00:00 Vulnerability · Source
CVE-2025-64118 redhat_vex node-tar: tar: node-tar: Information disclosure via reading a truncated tar file known affected: 172 2026-07-02T19:37:49+00:00 Vulnerability · Source
CVE-2026-43894 redhat_vex jq: jq: Arbitrary Code Execution or Denial of Service via Signed Integer Overflow fixed: 3 known affected: 14 2026-07-02T19:37:45+00:00 Vulnerability · Source
CVE-2026-43472 redhat_vex kernel: unshare: fix unshare_fs() handling known affected: 274 2026-07-02T19:37:43+00:00 Vulnerability · Source
CVE-2026-43468 redhat_vex kernel: net/mlx5: Fix deadlock between devlink lock and esw->wq known affected: 246 known not affected: 28 2026-07-02T19:37:41+00:00 Vulnerability · Source
CVE-2026-43429 redhat_vex kernel: USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts known affected: 274 2026-07-02T19:37:38+00:00 Vulnerability · Source
CVE-2026-43351 redhat_vex kernel: KVM: arm64: Eagerly init vgic dist/redist on vgic creation known affected: 184 known not affected: 90 2026-07-02T19:37:33+00:00 Vulnerability · Source
CVE-2026-43346 redhat_vex kernel: ice: ptp: don't WARN when controlling PF is unavailable known affected: 184 known not affected: 90 2026-07-02T19:37:31+00:00 Vulnerability · Source
CVE-2026-43292 redhat_vex kernel: mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node known affected: 274 2026-07-02T19:37:29+00:00 Vulnerability · Source
CVE-2026-43325 redhat_vex kernel: wifi: iwlwifi: mvm: don't send a 6E related command when not supported known affected: 184 known not affected: 90 2026-07-02T19:37:28+00:00 Vulnerability · Source
CVE-2026-43296 redhat_vex kernel: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky known affected: 184 known not affected: 90 2026-07-02T19:37:26+00:00 Vulnerability · Source
CVE-2026-43278 redhat_vex kernel: dm: clear cloned request bio pointer when last clone bio completes known affected: 260 known not affected: 14 2026-07-02T19:37:21+00:00 Vulnerability · Source
CVE-2026-43261 redhat_vex kernel: arm64: Add support for TSV110 Spectre-BHB mitigation known affected: 184 known not affected: 90 2026-07-02T19:37:20+00:00 Vulnerability · Source
CVE-2026-43171 redhat_vex kernel: EFI/CPER: don't dump the entire memory region known affected: 260 known not affected: 14 2026-07-02T19:37:18+00:00 Vulnerability · Source
CVE-2026-43170 redhat_vex kernel: usb: dwc3: gadget: Move vbus draw to workqueue context known affected: 184 known not affected: 90 2026-07-02T19:37:16+00:00 Vulnerability · Source
CVE-2026-43169 redhat_vex kernel: drm/buddy: Prevent BUG_ON by validating rounded allocation known affected: 184 known not affected: 90 2026-07-02T19:37:14+00:00 Vulnerability · Source
CVE-2026-43059 redhat_vex kernel: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers known affected: 184 known not affected: 90 2026-07-02T19:37:14+00:00 Vulnerability · Source
CVE-2026-43089 redhat_vex kernel: xfrm_user: fix info leak in build_mapping() known affected: 274 2026-07-02T19:37:11+00:00 Vulnerability · Source
CVE-2026-40701 redhat_vex nginx: ngx_http_ssl_module: data corruption and denial of service known affected: 55 known not affected: 1 2026-07-02T19:34:36+00:00 Vulnerability · Source
CVE-2026-7168 redhat_vex curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse fixed: 3 known affected: 25 2026-07-02T19:34:33+00:00 Vulnerability · Source
CVE-2026-40460 redhat_vex nginx: NGINX: Authorization bypass via IP spoofing in HTTP/3 QUIC module fixed: 4 known affected: 54 2026-07-02T19:34:33+00:00 Vulnerability · Source
CVE-2026-5766 redhat_vex django: Django: Service degradation via understated Content-Length header in ASGI requests known affected: 39 2026-07-02T19:34:30+00:00 Vulnerability · Source
CVE-2026-54411 redhat_vex linux-pam: Plaintext password recovery via timing discrepancy in pam_userdb module fixed: 4 known affected: 18 2026-07-02T19:33:10+00:00 Vulnerability · Source
CVE-2026-2340 redhat_vex samba: vfs_worm does not block directory modification fixed: 3903 known affected: 59 2026-07-02T19:30:32+00:00 Vulnerability · Source
CVE-2025-47910 redhat_vex net/http: CrossOriginProtection bypass in net/http fixed: 8 known affected: 341 2026-07-02T19:22:37+00:00 Vulnerability · Source
CVE-2025-22873 redhat_vex os: os: Information disclosure via path traversal using specially crafted filenames fixed: 8 known affected: 245 2026-07-02T19:22:36+00:00 Vulnerability · Source
CVE-2025-14505 redhat_vex elliptic: Key handling flaws in Elliptic known affected: 62 2026-07-02T19:22:34+00:00 Vulnerability · Source
CVE-2026-43084 redhat_vex kernel: netfilter: nfnetlink_queue: make hash table per queue known affected: 246 known not affected: 28 2026-07-02T19:17:42+00:00 Vulnerability · Source
CVE-2026-40974 redhat_vex Spring Boot: Cassandra: Spring Boot: Security bypass in Cassandra SSL connections known affected: 21 2026-07-02T19:17:36+00:00 Vulnerability · Source
CVE-2026-40970 redhat_vex Spring Boot: Spring Boot: Missing hostname verification in Elasticsearch auto-configuration allows information disclosure known affected: 21 2026-07-02T19:17:34+00:00 Vulnerability · Source
CVE-2026-40971 redhat_vex Spring Boot: Spring Boot: Information disclosure and data tampering via missing hostname verification known affected: 21 2026-07-02T19:17:34+00:00 Vulnerability · Source
CVE-2026-40186 redhat_vex sanitize-html: ApostropheCMS: sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements known affected: 14 2026-07-02T19:17:29+00:00 Vulnerability · Source
CVE-2026-34230 redhat_vex rack: Rack: Denial of Service via crafted Accept-Encoding header known affected: 50 2026-07-02T19:17:24+00:00 Vulnerability · Source
CVE-2026-32288 redhat_vex archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive fixed: 8 known affected: 259 2026-07-02T19:17:19+00:00 Vulnerability · Source
CVE-2026-31682 redhat_vex kernel: bridge: br_nd_send: linearize skb before parsing ND options known affected: 260 known not affected: 14 2026-07-02T19:17:18+00:00 Vulnerability · Source
CVE-2026-31676 redhat_vex kernel: rxrpc: only handle RESPONSE during service challenge known affected: 260 known not affected: 14 2026-07-02T19:17:14+00:00 Vulnerability · Source
CVE-2026-48090 redhat_vex envoy: Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk) known not affected: 2 2026-07-02T19:16:58+00:00 Vulnerability · Source
CVE-2026-47692 redhat_vex envoy: Envoy: PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream known affected: 2 2026-07-02T19:16:53+00:00 Vulnerability · Source
CVE-2026-47205 redhat_vex envoy: Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides known not affected: 2 2026-07-02T19:16:49+00:00 Vulnerability · Source