VIR Vulnerability Intelligence Relay

Search

Found 23,802 results in 4748ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-23868 medium 5.1 5.1 FIX rheldebian debian sles giflib_project 18d ago Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult b…
CVE-2026-23745 high 8.0 FIX rhel slesdebian debian 18d ago Important: linux-sgx security update
CVE-2026-23243 high 7.8 7.8 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data_len in ib_umad_write ib_umad_write computes data_len from user-controlled count and the MAD heade…
CVE-2026-23060 high 8.0 FIX rhel slesdebian debian 18d ago Important: kernel security update
CVE-2026-23040 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 an…
CVE-2026-2297 high 8.0 FIX rhel slesdebian debian 18d ago Important: python3.12 security update
CVE-2026-2291 high 7.3 7.3 FIX rheldebian debian sles 18d ago RHSA-2026:20589: dnsmasq security update (Important)
CVE-2026-20691 high 8.0 FIX rhel slesdebian debian 18d ago An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted…
CVE-2026-20676 high 8.0 FIX rhel slesdebian debian 18d ago This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through…
CVE-2026-20665 high 8.0 FIX rhel slesdebian debian 18d ago This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, wat…
CVE-2026-20664 high 8.0 FIX rhel slesdebian debian 18d ago The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may le…
CVE-2026-20652 high 8.0 FIX rhel slesdebian debian 18d ago The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker m…
CVE-2026-20644 high 8.0 FIX rhel slesdebian debian 18d ago The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciou…
CVE-2026-20643 high 8.0 FIX rhel slesdebian debian 18d ago A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 an…
CVE-2026-20636 high 8.0 FIX rhel slesdebian debian 18d ago The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may le…
CVE-2026-20635 high 8.0 FIX rhel slesdebian debian 18d ago The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS …
CVE-2026-20608 high 8.0 FIX rhel slesdebian debian 18d ago This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing mal…
CVE-2026-1502 high 8.0 FIX rhel slesdebian debian 18d ago Important: python3.12 security update
CVE-2026-0968 low 3.1 3.1 FIX rheldebian debian sles libssh 18d ago Moderate: libssh security update
CVE-2026-0967 medium 5.5 5.5 FIX rheldebian debian sles libssh 18d ago Moderate: libssh security update
CVE-2026-0966 high 8.2 8.2 FIX rheldebian debian sles libsshredhat 18d ago Moderate: libssh security update
CVE-2026-0965 low 3.3 3.3 FIX rheldebian debian sles libssh 18d ago Moderate: libssh security update
CVE-2026-0964 medium 6.3 6.3 FIX rheldebian debian sles libsshredhat 18d ago Moderate: libssh security update
CVE-2026-0865 medium 5.5 FIX rocky rheldebian debian 18d ago User-controlled header names and values containing newlines can allow injecting HTTP headers.
CVE-2026-0672 high 8.0 FIX rhel slesdebian debian 18d ago Important: python3.12 security update
CVE-2025-9615 low 3.3 3.3 FIX rhel slesdebian debian 18d ago Low: NetworkManager security update
CVE-2025-8277 low 3.1 3.1 FIX rheldebian debian sles 18d ago Moderate: libssh security update
CVE-2025-8114 medium 4.7 4.7 FIX rheldebian debian sles libssh 18d ago Moderate: libssh security update
CVE-2025-61726 high 8.0 FIX rocky rheldebian debian google 18d ago Memory exhaustion in query parameter parsing in net/url
CVE-2025-55668 high 8.0 FIX rhel slesdebian debian 18d ago Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Old…
CVE-2025-5351 medium 6.5 6.5 FIX rheldebian debian sles libsshredhat 18d ago Moderate: libssh security update
CVE-2025-4878 low 3.6 3.6 FIX rheldebian debian sles 18d ago Moderate: libssh security update
CVE-2025-4877 medium 4.5 4.5 FIX rheldebian debian sles 18d ago Moderate: libssh security update
CVE-2025-46701 high 8.0 FIX arch arch rhel sles 18d ago Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to th…
CVE-2025-46299 high 8.0 FIX rhel slesdebian debian 18d ago A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Proc…
CVE-2025-43511 high 8.0 FIX rhel slesdebian debian 18d ago A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watc…
CVE-2025-43457 high 8.0 FIX rhel slesdebian debian 18d ago A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing malicious…
CVE-2025-43214 high 8.0 FIX rhel slesdebian debian 18d ago The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously …
CVE-2025-43213 high 8.0 FIX rhel slesdebian debian 18d ago The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously …
CVE-2025-40134 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in __dm_suspend() There is a race condition between dm device suspend and table load that can le…
CVE-2025-39866 high 7.8 7.8 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in __mark_inode_dirty() An use-after-free issue occurred when __mark_inode_dirty() get the bdi_…
CVE-2025-38470 medium 5.5 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on…
CVE-2025-38441 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_…
CVE-2025-38405 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak of bio integrity If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128…
CVE-2025-38400 medium 5.5 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. syzbot reported a warning below [1] following a fault injectio…
CVE-2025-38279 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue ([1]) where the following w…
CVE-2025-38166 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap [ 2172.936997] ------------[ cut here ]------------ [ 2172.936999] kernel BUG at lib/iov_iter.c:…
CVE-2025-38097 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to referen…
CVE-2025-38015 medium 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Memory allocated for idxd is not freed if an error occurs d…
CVE-2025-37980 medium 5.5 FIX rhel slesdebian debian google 18d ago In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is succe…
CVE-2025-22105 medium 5.5 5.5 FIX rhel slesdebian debian 18d ago In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning[1]: ip netns add ns1 ip netns exec…
CVE-2025-15284 high 8.0 FIX rheldebian debian 18d ago Important: linux-sgx security update
CVE-2025-15282 high 8.0 FIX rhel slesdebian debian 18d ago Important: python3.12 security update
CVE-2025-13837 high 8.0 FIX rhel slesdebian debian 18d ago Important: python3.12 security update
CVE-2025-13465 medium 5.3 5.3 FIX rhel sles rocky lodash 18d ago Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global pr…
CVE-2025-12748 medium 5.5 5.5 FIX rhel slesdebian debian 18d ago Moderate: libvirt security update
CVE-2025-11568 medium 4.4 4.4 FIX rocky rheldebian debian 18d ago RHSA-2025:23086: luksmeta security update (Moderate)
CVE-2025-11411 medium 5.5 FIX rhel slesdebian debian 18d ago Moderate: unbound security update
CVE-2025-11234 high 7.5 7.5 FIX rocky rhel sles 18d ago A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use…
CVE-2024-33655 medium 5.5 FIX rhel slesdebian debian 18d ago Moderate: unbound security update
CVE-2024-12086 medium 6.8 6.8 FIX arch arch rhel sles sambaredhat 18d ago Important: rsync security update
CVE-2026-8851 high 8.1 8.1 FIX debian debian 18d ago SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database b…
CVE-2026-46559 medium 5.5 FIX debian debian 18d ago ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder.
CVE-2026-46557 medium 5.5 FIX debian debian 18d ago ImageMagick: Stack overflow in fx operation
CVE-2026-46523 medium 5.5 FIX debian debian 18d ago ImageMagick: Use-After-Free in MSL decoder.
CVE-2026-46522 high 9.0 EXPFIX debian debian 18d ago ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion
CVE-2026-46521 medium 5.5 FIX debian debian 18d ago ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression
CVE-2026-46520 high 8.0 FIX debian debian 18d ago ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions
CVE-2026-45664 medium 5.5 FIX debian debian 18d ago ImageMagick: Policy Bypass in MNG coder could
CVE-2026-45624 medium 5.5 FIX debian debian 18d ago ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.
CVE-2026-45031 medium 5.5 FIX debian debian 18d ago ImageMagick: Policy Bypass in PSD decoder
CVE-2026-45358 medium 5.5 FIX debian debian 18d ago ImageMagick: Out-of-Bounds Read of a single byte in meta encoder
CVE-2026-45359 medium 5.5 FIX debian debian 18d ago ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define
CVE-2026-45149 high 7.5 7.5 debian debian juliangruber 19d ago The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large num…
CVE-2026-42326 medium 5.5 FIX debian debian 19d ago ImageMagick: Heap Buffer Over-Read in IPTC encoder
CVE-2026-42009 high 7.5 7.5 FIX debian debian sleswindows windows 19d ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-42945 high 8.1 8.1 FIX rhel slesdebian debian 19d ago RHSA-2026:18041: nginx:1.24 security update (Critical)
CVE-2026-41316 high 8.1 8.1 FIX rhel slesdebian debian google 19d ago Important: ruby:4.0 security update
CVE-2026-33637 medium 6.5 6.5 FIX debian debian faraday_project 19d ago Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping
CVE-2026-33416 high 8.0 FIX rheldebian debian sles 19d ago Important: thunderbird security update
CVE-2026-8723 medium 5.3 5.3 debian debianwindows windows 20d ago ### Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not ha…
CVE-2026-46728 high 8.2 8.2 slesdebian debian 20d ago Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.
CVE-2026-8704 medium 6.5 6.5 FIX debian debian 21d ago Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
CVE-2026-8700 high 7.3 7.3 FIX debian debian 21d ago Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
CVE-2026-44310 medium 5.4 5.4 debian debian 21d ago Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in pkg/git/verifier.go unconditionally dereference…
CVE-2026-44309 medium 5.3 5.3 debian debian 21d ago Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's …
CVE-2026-45803 low 3.5 3.5 debian debian sleswindows windows github 22d ago `gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users vie…
CVE-2026-8669 medium 6.5 6.5 FIX debian debian 22d ago Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized…
CVE-2026-46483 high 7.0 7.0 FIX slesdebian debianwindows windows vim 22d ago Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-lik…
CVE-2026-45736 high 7.5 7.5 FIX debian debianwindows windows ws_project 22d ago ws: Uninitialized memory disclosure
CVE-2026-34253 high 8.2 8.2 slesdebian debian 22d ago A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control fu…
CVE-2026-8503 medium 6.5 6.5 FIX debian debian guimard 22d ago Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator re…
CVE-2026-43490 high 8.8 8.8 FIX slesdebian debianwindows windows 22d ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_dacl() walks the parent directory DACL loaded from the security descriptor x…
CVE-2026-6811 medium 5.9 5.9 debian debian 22d ago Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is…
CVE-2026-44673 high 7.5 7.5 debian debian sleswindows windows 22d ago libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciou…
CVE-2026-44662 medium 5.5 FIX debian debianwindows windows 22d ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorr…
CVE-2026-42327 high 8.0 FIX debian debian 22d ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate's AIA extension as Open…
CVE-2026-8587 high 8.8 8.8 FIX debian debianmacos macoswindows windows google 22d ago Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome E…
CVE-2026-8586 medium 5.5 5.5 FIX debian debianwindows windows google 22d ago Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: …
CVE-2026-8585 high 7.5 7.5 FIX debian debianmacos macoswindows windows google 22d ago Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a …