Found 13,750 results in 2611ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-43110 high 8.8 8.8 FIX sles rheldebian debian 1mo ago In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmf_fweh_handle_if_event() validates the firmware-provided interface index…
CVE-2026-43106 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefiles_cull() The patch mentioned below changed cachefiles_bury_object() to expe…
CVE-2026-43101 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() We need to check __in6_dev_get() for possible NULL value…
CVE-2026-43099 high 7.5 7.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmp_build_probe() ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the IPv6 s…
CVE-2026-43097 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fix double ida_free in hv_pci_probe error path If hv_pci_probe() fails after storing the domain number in hbus->bridge->…
CVE-2026-43093 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: xsk: tighten UMEM headroom validation to account for tailroom and min frame The current headroom validation in xdp_umem_reg() cou…
CVE-2026-43091 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: xfrm: Wait for RCU readers during policy netns exit xfrm_policy_fini() frees the policy_bydst hash tables after flushing the poli…
CVE-2026-43084 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: make hash table per queue Sharing a global hash table among all queues is tempting, but it can cause …
CVE-2026-43083 critical 9.1 9.1 FIX slesdebian debianwindows windows 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: ioam6: fix OOB and missing lock When trace->type.bit6 is set: if (trace->type.bit6) { ... queue = skb_g…
CVE-2026-43078 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago Linux kernel vulnerabilities
CVE-2026-43076 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate inline data i_size during inode read When reading an inode from disk, ocfs2_validate_inode_block() performs vario…
CVE-2026-43075 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix out-of-bounds write in ocfs2_write_end_inline KASAN reports a use-after-free write of 4086 bytes in ocfs2_write_end_in…
CVE-2026-43074 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: eventpoll: defer struct eventpoll free to RCU grace period In certain situations, ep_free() in eventpoll.c will kfree the epi->ep…
CVE-2026-44405 low 3.4 3.4 slesdebian debian 1mo ago Paramiko rsakey.py allows the SHA-1 algorithm
CVE-2026-30922 high 7.5 7.5 FIX rhel sles rocky pyasn1 1mo ago Important: fence-agents security update
CVE-2026-28780 critical 9.8 9.8 FIX debian debian rhel sles apache 1mo ago Apache HTTP Server vulnerabilities
CVE-2026-42997 high 7.7 7.7 FIX debian debian 1mo ago An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-…
CVE-2026-44167 high 7.5 7.5 FIX debian debian 1mo ago phpseclib has a CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()
CVE-2026-42266 high 8.8 8.8 debian debian jupyter 1mo ago JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed…
CVE-2026-44331 high 8.1 8.1 FIX slesdebian debian 1mo ago In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted…
CVE-2026-30923 high 7.5 7.5 FIX slesdebian debian owasp 1mo ago ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occu…
CVE-2026-25243 high 8.8 8.8 slesdebian debianwindows windows redis 1mo ago RHSA-2026:23229: redis security update (Important)
CVE-2026-23631 high 8.1 8.1 slesdebian debianwindows windows redis 1mo ago Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-aft…
CVE-2026-23479 high 8.8 8.8 slesdebian debianwindows windows redis 1mo ago Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blo…
CVE-2026-40110 high 7.3 7.3 debian debian jupyter 1mo ago Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr)
CVE-2026-35397 high 8.8 8.8 debian debian jupyter 1mo ago Jupyter Server: Path Traversal via incorrect startswith() root directory check allows access to sibling directories
CVE-2026-43071 critical 9.1 9.1 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: dcache: Limit the minimal number of bucket to two There is an OOB read problem on dentry_hashtable when user sets 'dhash_entries=…
CVE-2026-43070 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: bpf: Reset register ID for BPF_END value tracking When a register undergoes a BPF_END (byte swap) operation, its scalar value is …
CVE-2026-43067 critical 9.8 9.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when searching for blocks for indirect mapped blocks Commit 4865c768b563 ("ext4: always allocate blocks o…
CVE-2026-43063 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: xfs: don't irele after failing to iget in xfs_attri_recover_work xlog_recovery_iget* never set @ip to a valid pointer if they ret…
CVE-2026-43062 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() l2cap_ecred_reconf_rsp() casts the incoming data to struct l2cap…
CVE-2026-43060 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: drop pending enqueued packets on removal Packets sitting in nfqueue might hold a reference to: - templates th…
CVE-2026-43059 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers Commit 302a1f674c00 ("Bluetooth: MGMT: Fix possible UAF…
CVE-2026-29168 high 7.3 7.3 FIX debian debian sleswindows windows apache 1mo ago Apache HTTP Server vulnerabilities
CVE-2026-6322 high 7.5 7.5 FIX debian debian openjsf 1mo ago fast-uri vulnerable to host confusion via percent-encoded authority delimiters
CVE-2026-43870 high 7.3 7.3 FIX debian debianwindows windows apache 1mo ago Apache Thrift vulnerable to Path Traversal, HTTP Request/Response Splitting, Uncontrolled Resource Consumption
CVE-2026-43869 high 7.3 7.3 FIX debian debianwindows windows apache 1mo ago Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability
CVE-2026-44028 high 7.5 7.5 FIX slesdebian debian 1mo ago An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine st…
CVE-2026-35092 high 7.5 7.5 FIX rheldebian debian sles corosyncredhat 1mo ago A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) pac…
CVE-2026-35091 high 8.2 8.2 FIX rheldebian debian sles corosyncredhat 1mo ago A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User…
CVE-2026-27858 high 7.5 7.5 FIX rheldebian debian sles dovecotopen-xchange 1mo ago Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by repeated…
CVE-2026-27857 high 7.5 7.5 FIX rheldebian debian sles dovecotopen-xchange 1mo ago Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer t…
CVE-2026-26007 high 8.0 FIX rhel sles rocky 1mo ago python-cryptography vulnerability
CVE-2026-25679 high 8.0 FIX rocky rheldebian debian google 1mo ago Important: image-builder security update
CVE-2025-68724 high 8.0 FIX sles rheldebian debian 1mo ago Linux kernel (Low Latency NVIDIA) vulnerabilities
CVE-2025-59032 high 7.5 7.5 FIX rheldebian debian sles dovecotopen-xchange 1mo ago ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access t…
CVE-2025-40252 high 8.0 FIX slesdebian debian rhel 1mo ago Linux kernel (Azure) vulnerabilities
CVE-2026-6321 high 7.5 7.5 FIX slesdebian debian openjsf 1mo ago fast-uri vulnerable to path traversal via percent-encoded dot segments
CVE-2026-43964 high 7.5 7.5 FIX slesdebian debianwindows windows postfix 1mo ago Postfix vulnerability
CVE-2026-42154 high 7.5 7.5 slesdebian debianwindows windows prometheus 1mo ago Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a…
CVE-2026-42151 high 7.5 7.5 FIX slesdebian debianwindows windows prometheus 1mo ago Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/a…
CVE-2026-37459 high 7.5 7.5 FIX debian debian sleswindows windows 1mo ago FRR vulnerabilities
CVE-2026-29004 high 8.1 8.1 debian debian sles 1mo ago BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attac…
CVE-2026-42440 high 7.5 7.5 FIX debian debian apache 1mo ago OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2.5.9 before 3.0.0-M3 Description: The AbstractModelReader methods getOut…
CVE-2026-42027 critical 9.8 9.8 FIX debian debian apache 1mo ago Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtension(C…
CVE-2026-40682 critical 9.1 9.1 FIX debian debian apache 1mo ago XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor …
CVE-2026-37461 high 7.5 7.5 FIX debian debianubuntu ubuntu osrg 1mo ago GoBGP vulnerabilities
CVE-2026-29169 high 7.5 7.5 FIX debian debian sleswindows windows apache 1mo ago Apache HTTP Server vulnerabilities
CVE-2026-23918 high 8.8 9.8 EXPFIX debian debian sleswindows windows apache 1mo ago Apache HTTP Server vulnerabilities
CVE-2025-70069 high 7.5 7.5 debian debian sles 1mo ago An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method
CVE-2025-70067 critical 9.8 9.8 debian debian sles 1mo ago Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file…
CVE-2026-34059 high 7.5 7.5 FIX debian debian rhel sles apache 1mo ago Apache HTTP Server vulnerabilities
CVE-2026-24072 high 8.8 8.8 FIX debian debian sleswindows windows apache 1mo ago Apache HTTP Server vulnerabilities
CVE-2026-33846 high 7.5 7.5 FIX debian debian sleswindows windows 1mo ago GnuTLS vulnerabilities
CVE-2026-7737 high 7.5 7.5 FIX debian debianubuntu ubuntu osrg 1mo ago GoBGP vulnerabilities
CVE-2026-7736 high 7.5 7.5 FIX debian debianubuntu ubuntu osrg 1mo ago GoBGP vulnerabilities
CVE-2026-43864 low 2.5 2.5 slesdebian debian 1mo ago mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.
CVE-2026-43863 low 3.7 3.7 slesdebian debian 1mo ago mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.
CVE-2026-43862 low 3.7 3.7 slesdebian debian 1mo ago In mutt before 2.3.2, the imap_auth_gss security level is mishandled.
CVE-2026-43861 low 3.7 3.7 slesdebian debian 1mo ago mutt before 2.3.2 does not check for '\0' in url_pct_decode.
CVE-2026-43860 low 3.7 3.7 slesdebian debian 1mo ago mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.
CVE-2026-43859 low 3.7 3.7 slesdebian debian 1mo ago mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest.
CVE-2026-7735 high 7.3 7.3 FIX debian debianubuntu ubuntu osrg 1mo ago GoBGP vulnerabilities
CVE-2026-7734 high 7.5 7.5 FIX debian debianubuntu ubuntu osrg 1mo ago GoBGP vulnerabilities
CVE-2026-42258 critical 9.8 9.8 debian debianwindows windows ruby-lang 1mo ago net-imap vulnerable to command Injection via unvalidated Symbol inputs
CVE-2026-42257 critical 9.8 9.8 debian debianwindows windows ruby-lang 1mo ago net-imap vulnerable to command Injection via "raw" arguments to multiple commands
CVE-2026-42246 high 7.4 7.4 debian debianwindows windows ruby-lang 1mo ago net-imap vulnerable to STARTTLS stripping via invalid response timing
CVE-2026-42245 high 7.5 7.5 slesdebian debian ruby-lang 1mo ago net-imap has quadratic complexity when reading response literals
CVE-2026-35414 high 8.0 FIX rhel slesdebian debian google 1mo ago OpenSSH vulnerabilities
CVE-2026-35388 high 8.0 FIX rhel slesdebian debian 1mo ago OpenSSH vulnerabilities
CVE-2026-35387 high 8.0 FIX rhel slesdebian debian 1mo ago OpenSSH vulnerabilities
CVE-2026-35386 high 8.0 FIX rhel slesdebian debian google 1mo ago OpenSSH vulnerabilities
CVE-2026-35385 high 8.0 FIX rhel slesdebian debian google 1mo ago OpenSSH vulnerabilities
CVE-2026-31431 high 7.8 10.0 KEVEXPFIX rhelarch arch sles redhatsusearista 1mo ago kmod update
CVE-2026-31402 critical 9.8 9.8 FIX rhel sles rocky 1mo ago Important: kernel security update
CVE-2026-24660 high 8.0 FIX debian debian sles rhel 1mo ago RHSA-2026:13284: LibRaw security update (Important)
CVE-2026-23270 high 7.8 7.8 FIX rhel sles rocky 1mo ago Important: kernel security update
CVE-2026-23136 high 8.0 FIX rhel slesdebian debian 1mo ago Linux kernel vulnerabilities
CVE-2026-20889 high 8.0 FIX debian debian sles rhel 1mo ago RHSA-2026:13284: LibRaw security update (Important)
CVE-2026-7598 high 7.3 7.3 FIX debian debian sleswindows windows libssh2 1mo ago libssh2 vulnerability
CVE-2026-37457 high 7.5 7.5 FIX debian debian sleswindows windows frrouting 1mo ago FRR vulnerabilities
CVE-2026-43507 high 7.5 7.5 FIX debian debian prosody 1mo ago An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthen…
CVE-2026-43506 high 7.5 7.5 FIX debian debian prosody 1mo ago An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory leaks from unauthenticated connections.
CVE-2026-43057 high 7.5 7.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback NETIF_F_IPV6_CSUM only advertises support for checksum offload o…
CVE-2026-43056 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in add_adev() error path If auxiliary_device_add() fails, add_adev() jumps to add_fail and calls au…
CVE-2026-43055 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzalloc_flex for aio_cmd The target_core_file doesn't initialize the aio_cmd->iocb for the ki_write_strea…
CVE-2026-43052 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check tdls flag in ieee80211_tdls_oper When NL80211_TDLS_ENABLE_LINK is called, the code only checks if the stati…
CVE-2026-43051 high 8.1 8.1 FIX sles rheldebian debian 1mo ago In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq The wacom_intuos_bt_irq() function processes Bluetooth HID reports with…
CVE-2026-43050 high 7.0 7.0 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: atm: lec: fix use-after-free in sock_def_readable() A race condition exists between lec_atm_close() setting priv->lecd to NULL an…
CVE-2026-43049 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure Presently, if the force feedback initialisat…