VEX records

Browse vendor VEX statements available in this Vulnerability-Lookup instance and pivot to the related vulnerability.

Reset

221821 VEX records

API response
Vulnerability Source Title Product status Imported Links
CVE-2026-46340 redhat_vex netty-transport-sctp: Netty-transport-sctp: Denial of Service due to unbounded memory growth from SctpMessage fragments fixed: 1 known affected: 4 known not affected: 2 2026-07-09T15:30:35+00:00 Vulnerability · Source
CVE-2026-45674 redhat_vex netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation fixed: 5 known affected: 31 known not affected: 11 2026-07-09T15:30:32+00:00 Vulnerability · Source
CVE-2026-45416 redhat_vex netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake fixed: 7 known affected: 35 known not affected: 17 2026-07-09T15:30:31+00:00 Vulnerability · Source
CVE-2026-44893 redhat_vex netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message fixed: 9 known affected: 25 known not affected: 67 2026-07-09T15:30:26+00:00 Vulnerability · Source
CVE-2026-44890 redhat_vex netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payloads fixed: 1 known affected: 4 known not affected: 1 2026-07-09T15:30:23+00:00 Vulnerability · Source
CVE-2026-44249 redhat_vex netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation fixed: 19 known affected: 33 known not affected: 68 2026-07-09T15:30:21+00:00 Vulnerability · Source
CVE-2026-44417 redhat_vex org.apache.cxf/cxf-rt-transports-jms: Apache CXF: Remote Code Execution via untrusted JMS configuration fixed: 1 known affected: 4 known not affected: 1 2026-07-09T15:30:21+00:00 Vulnerability · Source
CVE-2026-44250 redhat_vex netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payload with deeply nested arrays fixed: 1 known affected: 4 known not affected: 1 2026-07-09T15:30:18+00:00 Vulnerability · Source
CVE-2026-44248 redhat_vex netty: io.netty/netty-codec-mqtt: Netty: Denial of Service due to excessive resource consumption from crafted MQTT 5 header fixed: 1 known affected: 4 known not affected: 3 2026-07-09T15:30:13+00:00 Vulnerability · Source
CVE-2026-42584 redhat_vex netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion fixed: 25 known affected: 34 known not affected: 140 2026-07-09T15:30:07+00:00 Vulnerability · Source
CVE-2026-42581 redhat_vex netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers fixed: 25 known not affected: 125 under investigation: 49 2026-07-09T15:30:04+00:00 Vulnerability · Source
CVE-2026-42579 redhat_vex netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement fixed: 25 known not affected: 125 under investigation: 38 2026-07-09T15:29:58+00:00 Vulnerability · Source
CVE-2026-42578 redhat_vex netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation fixed: 25 known affected: 33 known not affected: 141 2026-07-09T15:29:53+00:00 Vulnerability · Source
CVE-2024-5535 redhat_vex openssl: SSL_select_next_proto buffer overread fixed: 390 known affected: 50 known not affected: 182 2026-07-09T15:29:23+00:00 Vulnerability · Source
CVE-2026-6352 redhat_vex gitlab: GitLab EE: Auditor-level users can modify compliance records via improper authorization in GraphQL known not affected: 4 2026-07-09T15:29:22+00:00 Vulnerability · Source
CVE-2026-41568 redhat_vex github.com/docker/docker: github.com/moby/moby: Moby: Denial of Service via race condition in docker cp mount setup fixed: 108 known affected: 20 known not affected: 18 under investigation: 316 2026-07-09T15:29:20+00:00 Vulnerability · Source
CVE-2025-54410 redhat_vex github.com/moby/moby: Moby's Firewalld reload removes bridge network isolation fixed: 108 known affected: 15 known not affected: 16 2026-07-09T15:29:18+00:00 Vulnerability · Source
CVE-2024-45310 redhat_vex runc: runc can be tricked into creating empty files/directories on host fixed: 112 known affected: 8 known not affected: 36 2026-07-09T15:29:16+00:00 Vulnerability · Source
CVE-2026-58203 redhat_vex pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size known affected: 47 known not affected: 5 2026-07-09T15:24:05+00:00 Vulnerability · Source
CVE-2026-15172 redhat_vex wireshark: Wireshark: Denial of service via FMP/NOTIFY protocol dissector crash known affected: 20 2026-07-09T15:21:07+00:00 Vulnerability · Source
CVE-2026-45571 redhat_vex github.com/go-git/go-git: go-git: Path validation flaw allows unauthorized file access fixed: 108 known not affected: 16 2026-07-09T15:17:24+00:00 Vulnerability · Source
CVE-2026-41506 redhat_vex golang: github.com/go-git/go-git: go-git: Information disclosure of HTTP authentication credentials via redirects fixed: 111 known affected: 222 known not affected: 16 2026-07-09T15:17:13+00:00 Vulnerability · Source
CVE-2026-33540 redhat_vex github.com/distribution/distribution: Distribution: Information disclosure via improper validation of authentication realm URL fixed: 108 known affected: 6 known not affected: 16 2026-07-09T15:16:50+00:00 Vulnerability · Source
CVE-2026-27903 redhat_vex minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns fixed: 108 known affected: 288 known not affected: 16 2026-07-09T15:16:46+00:00 Vulnerability · Source
CVE-2026-25934 redhat_vex go-git/go-git: go-git: Data integrity issue due to improper verification of pack and index files fixed: 108 known affected: 195 known not affected: 16 2026-07-09T15:16:37+00:00 Vulnerability · Source
CVE-2026-24117 redhat_vex github.com/sigstore/rekor: Rekor Server-Side Request Forgery (SSRF) fixed: 108 known affected: 136 known not affected: 16 2026-07-09T15:14:23+00:00 Vulnerability · Source
CVE-2026-23831 redhat_vex github.com/sigstore/rekor: Rekor denial of service fixed: 108 known affected: 185 known not affected: 16 2026-07-09T15:14:20+00:00 Vulnerability · Source
CVE-2026-22772 redhat_vex fulcio: Fulcio: Server-Side Request Forgery (SSRF) via unanchored regex in MetaIssuer URL validation fixed: 114 known affected: 239 known not affected: 31 2026-07-09T15:14:16+00:00 Vulnerability · Source
CVE-2025-64329 redhat_vex github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks fixed: 112 known affected: 372 known not affected: 47 under investigation: 1 2026-07-09T15:14:09+00:00 Vulnerability · Source
CVE-2025-58058 redhat_vex github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory fixed: 116 known affected: 262 known not affected: 32 2026-07-09T15:14:05+00:00 Vulnerability · Source
CVE-2024-40635 redhat_vex containerd: containerd has an integer overflow in User ID handling fixed: 108 known affected: 51 known not affected: 16 2026-07-09T15:13:50+00:00 Vulnerability · Source
CVE-2026-39883 redhat_vex github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris fixed: 116 known not affected: 32 2026-07-09T15:04:56+00:00 Vulnerability · Source
CVE-2025-21613 redhat_vex go-git: argument injection via the URL field fixed: 362 known affected: 15 known not affected: 1076 2026-07-09T15:03:32+00:00 Vulnerability · Source
CVE-2025-21614 redhat_vex go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies fixed: 336 known affected: 17 known not affected: 969 under investigation: 221 2026-07-09T15:03:31+00:00 Vulnerability · Source
CVE-2025-8766 redhat_vex noobaa-core: Excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container fixed: 108 known not affected: 16 2026-07-09T15:03:26+00:00 Vulnerability · Source
CVE-2024-25621 redhat_vex github.com/containerd/containerd: containerd local privilege escalation fixed: 194 known affected: 91 known not affected: 737 2026-07-09T15:03:25+00:00 Vulnerability · Source
CVE-2026-43051 redhat_vex kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq fixed: 762 known affected: 50 known not affected: 14 2026-07-09T14:57:03+00:00 Vulnerability · Source
CVE-2026-53343 microsoft_vex ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow fixed: 1 known affected: 1 2026-07-09T14:51:00+00:00 Vulnerability · Source
CVE-2026-53356 microsoft_vex drm/i915/gem: Fix phys BO pread/pwrite with offset fixed: 1 known affected: 1 2026-07-09T14:50:52+00:00 Vulnerability · Source
CVE-2026-53349 microsoft_vex netfilter: nf_conntrack: destroy stale expectfn expectations on unregister fixed: 1 known affected: 1 2026-07-09T14:50:45+00:00 Vulnerability · Source
CVE-2026-53329 microsoft_vex drm/amd/display: Use krealloc_array() in dal_vector_reserve() fixed: 1 known affected: 1 2026-07-09T14:50:35+00:00 Vulnerability · Source
CVE-2026-53352 microsoft_vex signal: clear JOBCTL_PENDING_MASK for caller in zap_other_threads() fixed: 1 known affected: 1 2026-07-09T14:50:28+00:00 Vulnerability · Source
CVE-2026-53353 microsoft_vex hsr: Remove WARN_ONCE() in hsr_addr_is_self(). fixed: 1 known affected: 1 2026-07-09T14:50:20+00:00 Vulnerability · Source
CVE-2026-53347 microsoft_vex drm/virtio: Fix driver removal with disabled KMS fixed: 1 known affected: 1 2026-07-09T14:50:12+00:00 Vulnerability · Source
CVE-2026-53337 microsoft_vex net: bonding: fix NULL pointer dereference in bond_do_ioctl() fixed: 1 known affected: 1 2026-07-09T14:50:04+00:00 Vulnerability · Source
CVE-2026-53355 microsoft_vex net: rds: clear i_sends on setup unwind fixed: 1 known affected: 1 2026-07-09T14:49:56+00:00 Vulnerability · Source
CVE-2026-42055 microsoft_vex NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability fixed: 1 known affected: 2 2026-07-09T14:49:41+00:00 Vulnerability · Source
CVE-2026-52908 microsoft_vex RDMA: During rereg_mr ensure that REREG_ACCESS is compatible fixed: 1 known affected: 1 2026-07-09T14:49:31+00:00 Vulnerability · Source
CVE-2026-52910 microsoft_vex bpf: Free reuseport cBPF prog after RCU grace period. fixed: 1 known affected: 1 2026-07-09T14:49:23+00:00 Vulnerability · Source
CVE-2026-53295 microsoft_vex mailbox: add sanity check for channel array fixed: 1 known affected: 1 2026-07-09T14:49:16+00:00 Vulnerability · Source