VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

222279 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-43116 microsoft_vex netfilter: ctnetlink: ensure safe access to master conntrack fixed: 1 known affected: 5 2026-07-02T14:43:29+00:00 Vulnerability · Source
CVE-2026-43129 microsoft_vex ima: verify the previous kernel's IMA buffer lies in addressable RAM fixed: 1 known affected: 5 2026-07-02T14:43:23+00:00 Vulnerability · Source
CVE-2026-7531 microsoft_vex Use-after-free in PQC hybrid key-share handling known not affected: 1 2026-07-02T14:43:16+00:00 Vulnerability · Source
CVE-2026-43019 microsoft_vex Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync fixed: 1 known affected: 6 2026-07-02T14:43:11+00:00 Vulnerability · Source
CVE-2026-6412 microsoft_vex Continued acceptance of SHA-1/MD5 digests in certificate processing known not affected: 1 2026-07-02T14:43:09+00:00 Vulnerability · Source
CVE-2026-43052 microsoft_vex wifi: mac80211: check tdls flag in ieee80211_tdls_oper fixed: 1 known affected: 6 2026-07-02T14:43:04+00:00 Vulnerability · Source
CVE-2026-6092 microsoft_vex Encrypt-then-MAC could fall back to MAC-then-Encrypt when HAVE_ENCRYPT_THEN_MAC is configured known not affected: 1 2026-07-02T14:43:03+00:00 Vulnerability · Source
CVE-2026-23394 microsoft_vex af_unix: Give up GC if MSG_PEEK intervened. fixed: 1 known affected: 7 2026-07-02T14:42:58+00:00 Vulnerability · Source
CVE-2026-11310 microsoft_vex X.509 trust-chain bypass in wolfSSL_X509_verify_cert() via untrusted intermediate anchoring known not affected: 1 2026-07-02T14:42:57+00:00 Vulnerability · Source
CVE-2026-10097 microsoft_vex ML-KEM-1024 x64 AVX2 incomplete cipher text comparison enables IND-CCA2 break and static private-key recovery known not affected: 1 2026-07-02T14:42:51+00:00 Vulnerability · Source
CVE-2026-31486 microsoft_vex hwmon: (pmbus/core) Protect regulator operations with mutex fixed: 1 known affected: 8 2026-07-02T14:42:51+00:00 Vulnerability · Source
CVE-2026-10098 microsoft_vex OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status known not affected: 1 2026-07-02T14:42:45+00:00 Vulnerability · Source
CVE-2026-31419 microsoft_vex net: bonding: fix use-after-free in bond_xmit_broadcast() fixed: 1 known affected: 7 2026-07-02T14:42:42+00:00 Vulnerability · Source
CVE-2026-8720 microsoft_vex HMAC-BLAKE2 final discards message when key length exceeds block size known not affected: 1 2026-07-02T14:42:38+00:00 Vulnerability · Source
CVE-2026-12340 microsoft_vex Out-of-bounds heap read in SM2/SM3 certificate Subject Key Identifier computation known not affected: 1 2026-07-02T14:42:32+00:00 Vulnerability · Source
CVE-2026-23346 microsoft_vex arm64: io: Extract user memory type in ioremap_prot() fixed: 1 known affected: 8 2026-07-02T14:42:29+00:00 Vulnerability · Source
CVE-2026-10512 microsoft_vex X25519 x86_64 assembly final reduction leaves non-canonical field element known not affected: 1 2026-07-02T14:42:26+00:00 Vulnerability · Source
CVE-2026-10592 microsoft_vex Wildcard DNS SAN bypasses CA name-constraint checks known not affected: 1 2026-07-02T14:42:20+00:00 Vulnerability · Source
CVE-2026-6091 microsoft_vex Partial-chain verification accepts untrusted intermediate as trust anchor known not affected: 1 2026-07-02T14:42:13+00:00 Vulnerability · Source
CVE-2026-6325 microsoft_vex Out-of-bounds write in SetSuitesHashSigAlgo on oversized signature algorithms list known not affected: 1 2026-07-02T14:42:06+00:00 Vulnerability · Source
CVE-2026-55958 microsoft_vex Renesas TSIP TLS 1.3 transcript buffer out-of-bounds write in tsip_StoreMessage known not affected: 1 2026-07-02T14:41:59+00:00 Vulnerability · Source
CVE-2026-6731 microsoft_vex X.509 name constraint bypass via Subject CN treated as a DNS name known not affected: 1 2026-07-02T14:41:53+00:00 Vulnerability · Source
CVE-2026-7511 microsoft_vex PKCS7_verify signer confusion allows forged signatures to be accepted known not affected: 1 2026-07-02T14:41:46+00:00 Vulnerability · Source
CVE-2026-6330 microsoft_vex ML-KEM ARM64 NEON ciphertext comparison only compares half of the input known not affected: 1 2026-07-02T14:41:40+00:00 Vulnerability · Source
CVE-2026-6331 microsoft_vex HMAC zero-length tag forgery in EVP_DigestVerifyFinal known not affected: 1 2026-07-02T14:41:34+00:00 Vulnerability · Source
CVE-2026-6094 microsoft_vex Heap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing crafted PKCS7 EnvelopedData known not affected: 1 2026-07-02T14:41:27+00:00 Vulnerability · Source
CVE-2026-6678 microsoft_vex Integer underflow in wc_PKCS7_DecryptOri handling crafted Other Recipient Info known not affected: 1 2026-07-02T14:41:21+00:00 Vulnerability · Source
CVE-2026-55961 microsoft_vex wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer known not affected: 1 2026-07-02T14:41:15+00:00 Vulnerability · Source
CVE-2026-6329 microsoft_vex PKCS#12 MAC verification uses attacker-controlled comparison length known not affected: 1 2026-07-02T14:41:08+00:00 Vulnerability · Source
CVE-2026-11999 microsoft_vex X.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert() known not affected: 1 2026-07-02T14:41:01+00:00 Vulnerability · Source
CVE-2025-1152 microsoft_vex GNU Binutils ld xstrdup.c xstrdup memory leak known affected: 31 2026-07-02T14:40:58+00:00 Vulnerability · Source
CVE-2026-55962 microsoft_vex TLS 1.3 post-handshake authentication: server accepts Finished without client Certificate/CertificateVerify known not affected: 1 2026-07-02T14:40:55+00:00 Vulnerability · Source
CVE-2026-55967 microsoft_vex AES-GCM streaming APIs do not reject >64 GiB cumulative single messages, enabling counter wrap and keystream reuse known not affected: 1 2026-07-02T14:40:49+00:00 Vulnerability · Source
CVE-2026-11703 microsoft_vex Missing SNI/ALPN binding on stateful (session-ID) TLS session resumption known not affected: 1 2026-07-02T14:40:42+00:00 Vulnerability · Source
CVE-2026-55964 microsoft_vex Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA (temporary CA exemption) known not affected: 1 2026-07-02T14:40:36+00:00 Vulnerability · Source
CVE-2026-55960 microsoft_vex Un-negotiated Raw Public Key (RFC 7250) accepted in place of X.509, bypassing chain validation known not affected: 1 2026-07-02T14:40:30+00:00 Vulnerability · Source
CVE-2026-6450 microsoft_vex CRL critical extension bypass in ParseCRL_Extensions known not affected: 1 2026-07-02T14:40:24+00:00 Vulnerability · Source
CVE-2026-7532 microsoft_vex iPAddress name constraints not enforced when WOLFSSL_IP_ALT_NAME is undefined known not affected: 1 2026-07-02T14:40:17+00:00 Vulnerability · Source
CVE-2026-6291 microsoft_vex Bleichenbacher padding oracle in PKCS#7 KTRI RSA PKCS#1 v1.5 decryption known not affected: 1 2026-07-02T14:40:10+00:00 Vulnerability · Source
CVE-2026-11946 redhat_vex open62541: open62541: Denial of Service via unvalidated endpoint URL length known not affected: 1 2026-07-02T14:04:58+00:00 Vulnerability · Source
CVE-2026-48853 redhat_vex grpc: elixir-grpc grpc: Remote Code Execution and Denial of Service via Deserialization of Untrusted Data known not affected: 6 2026-07-02T13:50:36+00:00 Vulnerability · Source
CVE-2026-42440 redhat_vex org.apache.opennlp/opennlp-tools: Apache OpenNLP: Denial of Service via unbounded array allocation in crafted model files known affected: 3 known not affected: 1 under investigation: 3 2026-07-02T13:50:29+00:00 Vulnerability · Source
CVE-2025-15646 redhat_vex HTML-Gumbo: HTML::Gumbo: Information disclosure through HTML template processing known not affected: 1 2026-07-02T13:50:23+00:00 Vulnerability · Source
CVE-2026-40987 redhat_vex Spring Integration: Spring Integration: Arbitrary file write via malicious server known affected: 5 known not affected: 3 2026-07-02T13:50:23+00:00 Vulnerability · Source
CVE-2026-53176 redhat_vex kernel: IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN known affected: 260 known not affected: 14 2026-07-02T13:37:17+00:00 Vulnerability · Source
CVE-2026-53059 redhat_vex kernel: dm log: fix out-of-bounds write due to region_count overflow known affected: 260 under investigation: 14 2026-07-02T13:37:13+00:00 Vulnerability · Source
CVE-2026-33228 redhat_vex flatted: Flatted: Prototype pollution vulnerability allows arbitrary code execution via crafted JSON. fixed: 14 known affected: 11 known not affected: 179 2026-07-02T13:36:35+00:00 Vulnerability · Source
CVE-2026-28369 redhat_vex undertow: Undertow: Request Smuggling via Malformed HTTP Request Headers fixed: 53 known affected: 15 known not affected: 9 2026-07-02T13:36:17+00:00 Vulnerability · Source
CVE-2026-28368 redhat_vex undertow: Undertow: Request smuggling via inconsistent header parsing fixed: 53 known affected: 14 known not affected: 10 2026-07-02T13:36:15+00:00 Vulnerability · Source
CVE-2026-4891 redhat_vex dnsmasq: RRSIG rdlen underflow leading to heap OOB read fixed: 84 known affected: 7 2026-07-02T13:35:57+00:00 Vulnerability · Source