VIR Vulnerability Intelligence Relay

Search

Found 1,170 results in 148ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-31671 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_report() struct xfrm_user_report is a __u8 proto field followed by a struct xfrm_selector which…
CVE-2026-31664 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: xfrm: clear trailing padding in build_polexpire() build_expire() clears the trailing padding bytes of struct xfrm_user_expire aft…
CVE-2026-31647 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling Switch from using the completion's raw spinlock to a local loc…
CVE-2026-31628 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: x86/CPU: Fix FPDSS on Zen1 Zen1's hardware divider can leave, under certain circumstances, partial results from previous operatio…
CVE-2026-31593 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU Reject synchronizing vCPU state to its associated VM…
CVE-2026-31590 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION Drop the WARN in sev_pin_memory() on npages overflowing an in…
CVE-2026-31561 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86_CR4_FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so …
CVE-2026-31555 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: futex: Clear stale exiting pointer in futex_lock_pi() retry path Fuzzying/stressing futexes triggered: WARNING: kernel/futex…
CVE-2026-31546 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL deref in bond_debug_rlb_hash_show rlb_clear_slave intentionally keeps RLB hash-table entries on the rx_has…
CVE-2026-6920 critical 9.6 9.6 FIX debian debian linux-kernel google 1mo ago Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted …
CVE-2026-6919 critical 9.6 9.6 FIX debian debian linux-kernel google 1mo ago Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…
CVE-2026-31523 medium 4.7 4.7 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a polled queue A user can change the polled queue count at run time. There's a brief window during…
CVE-2026-31521 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a symbol st_shndx is out of bounds The module loader doesn't check for bounds of the ELF section in…
CVE-2026-31515 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: af_key: validate families in pfkey_send_migrate() syzbot was able to trigger a crash in skb_put() [1] Issue is that pfkey_send_m…
CVE-2026-31496 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: skip expectations in other netns via proc Skip expectations that do not reside in this netns. Si…
CVE-2026-31466 medium 4.7 4.7 FIX debian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix folio isn't locked in softleaf_to_folio() On arm64 server, we found folio that get from migration entry isn't…
CVE-2026-31429 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 2mo ago In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free of KFENCE-allocated skb head SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2 va…
CVE-2026-6364 medium 6.5 6.5 FIX debian debian google 2mo ago Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security se…
CVE-2026-6362 medium 4.3 4.3 FIX debian debian google 2mo ago Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: H…
CVE-2026-6296 critical 9.6 9.6 FIX debian debian linux-kernelmacos macos google 2mo ago Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-6298 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 2mo ago Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secu…
CVE-2026-5588 unknown debian debian sles google 2mo ago Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules
CVE-2026-34481 unknown FIX debian debian sles google 2mo ago Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
CVE-2026-34480 unknown debian debian sles google 2mo ago Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 spec…
CVE-2026-34478 unknown FIX debian debian sles google 2mo ago Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility
CVE-2026-34487 unknown FIX slesdebian debian google 2mo ago Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat…
CVE-2026-29146 unknown FIX slesdebian debian google 2mo ago Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from …
CVE-2026-5919 medium 6.5 6.5 FIX debian debian linux-kernelmacos macos google 2mo ago Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a …
CVE-2026-5911 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 2mo ago Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-5890 medium 5.3 5.3 FIX debian debianmacos macos linux-kernel google 2mo ago Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severit…
CVE-2026-5867 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 2mo ago Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secu…
CVE-2026-39883 unknown FIX debian debian google 2mo ago OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command us…
CVE-2026-31789 critical 9.8 9.8 FIX slesdebian debian opensslgoogle 2mo ago Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a cr…
CVE-2026-29181 unknown FIX debian debian google 2mo ago OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across va…
CVE-2026-23442 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 2mo ago In the Linux kernel, the following vulnerability has been resolved: ipv6: add NULL checks for idev in SRv6 paths __in6_dev_get() can return NULL when the device has no IPv6 configuration (e.g. MTU …
CVE-2026-5273 medium 6.3 6.3 FIX debian debianmacos macos linux-kernel google 2mo ago Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-23399 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 2mo ago In the Linux kernel, the following vulnerability has been resolved: nf_tables: nft_dynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the el…
CVE-2026-33997 unknown FIX debian debian sles google 2mo ago Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. D…
CVE-2026-33871 unknown slesdebian debian google 2mo ago Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass
CVE-2026-33870 unknown slesdebian debian google 2mo ago Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
CVE-2026-23302 medium 4.7 4.7 FIX slesdebian debian linux-kernel google 2mo ago In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk->sk_{data_ready,write_space} skmsg (and probably other layers) are changing these pointers whi…
CVE-2026-33176 medium 5.5 FIX slesdebian debian google 2mo ago Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept str…
CVE-2026-33170 medium 5.5 FIX slesdebian debian google 2mo ago Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `SafeBuffer#%` does not propagate the `@…
CVE-2026-33169 medium 5.5 FIX slesdebian debian google 2mo ago Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. `NumberToDelimitedConverter` uses a lookahead-based regular expression with `gsub!` to in…
CVE-2026-23277 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 3mo ago In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit teql_master_xmit() calls netdev_start_xmit(skb,…
CVE-2026-23255 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 3mo ago In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection to /proc/net/ptype Yin Fengwei reported an RCU stall in ptype_seq_show() and provided a patch. Re…
CVE-2026-24734 unknown FIX slesdebian debian google 4mo ago Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verific…
CVE-2026-0915 medium 5.5 FIX rocky rheldebian debian google 4mo ago RHSA-2026:4772: glibc security update (Moderate)
CVE-2026-0861 medium 5.5 FIX rheldebian debian sles google 4mo ago Moderate: glibc security update
CVE-2025-15281 medium 5.5 FIX rocky rheldebian debian google 4mo ago RHSA-2026:4772: glibc security update (Moderate)
CVE-2026-23157 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 4mo ago In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages [BUG] There is an internal report that over 1000 …
CVE-2025-40135 medium 5.5 FIX rocky rhel sles google 4mo ago In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_xmit() Use RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent possible UAF.
CVE-2026-24051 unknown FIX debian debian google 4mo ago OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The re…
CVE-2025-71161 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 4mo ago In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction There are two problems with the recursive correction: 1. It may cause deni…
CVE-2025-68239 unknown FIX slesdebian debian google 6mo ago In the Linux kernel, the following vulnerability has been resolved: binfmt_misc: restore write access before closing files opened by open_exec() bm_register_write() opens an executable file using o…
CVE-2025-22116 medium 5.5 FIX rhel slesdebian debian google 7mo ago In the Linux kernel, the following vulnerability has been resolved: idpf: check error for register_netdev() on init Current init logic ignores the error code from register_netdev(), which will caus…
CVE-2025-48913 unknown google 10mo ago Apache CXF: Untrusted JMS configuration can lead to RCE
CVE-2024-12798 unknown slesdebian debian google 2y ago QOS.CH logback-core Expression Language Injection vulnerability
CVE-2023-6460 medium 5.5 5.5 google 3y ago Logging of the firestore key within nodejs-firestore
CVE-2023-2976 unknown FIX slesdebian debian google 3y ago Guava vulnerable to insecure use of temporary directory
CVE-2022-40897 medium 5.5 FIX rhel rocky sles google 3y ago RHSA-2024:2987: python27:2.7 security update (Moderate)
CVE-2022-2160 medium 6.5 6.5 FIX debian debianfedora fedora google 4y ago Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitiv…
CVE-2020-8908 unknown FIX slesdebian debian google 5y ago Information Disclosure in Guava
CVE-2017-5120 medium 6.5 6.5 FIX arch archmacos macos linux-kernel google 9y ago multiple issues in chromium
CVE-2017-5119 medium 4.3 4.3 FIX arch archdebian debian google 9y ago multiple issues in chromium
CVE-2017-5118 medium 4.3 4.3 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5117 medium 6.5 6.5 FIX arch arch linux-kerneldebian debian google 9y ago multiple issues in chromium
CVE-2017-5110 medium 6.5 6.5 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5109 medium 4.3 4.3 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5107 medium 5.3 5.3 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5106 medium 6.5 6.5 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5105 medium 6.5 6.5 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5104 medium 6.5 6.5 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5103 medium 4.3 4.3 FIX arch archmacos macos linux-kernel google 9y ago multiple issues in chromium
CVE-2017-5102 medium 4.3 4.3 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5101 medium 6.5 6.5 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5096 medium 4.3 4.3 google 9y ago Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a…
CVE-2017-5094 medium 6.5 6.5 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5093 medium 6.5 6.5 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5090 medium 6.5 6.5 macos macos google 9y ago Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.115 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name containing a U+0620 character…
CVE-2017-5089 medium 6.5 6.5 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5086 medium 6.5 6.5 FIX arch archmacos macos rhel google 9y ago multiple issues in chromium
CVE-2017-5083 medium 4.3 4.3 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5082 medium 5.5 5.5 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5079 medium 4.3 4.3 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5076 medium 6.5 6.5 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5075 medium 4.3 4.3 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5072 medium 6.5 6.5 FIX arch arch google 9y ago multiple issues in chromium
CVE-2017-5071 medium 6.3 6.3 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5069 medium 6.1 6.1 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5067 medium 6.5 6.5 FIX arch arch rhel linux-kernel google 9y ago multiple issues in chromium
CVE-2017-5066 medium 6.5 6.5 FIX arch arch rhel linux-kernel google 9y ago multiple issues in chromium
CVE-2017-5065 medium 4.7 4.7 FIX arch arch rhelmacos macos google 9y ago multiple issues in chromium
CVE-2017-5061 medium 5.3 5.3 FIX arch arch rhel linux-kernel google 9y ago multiple issues in chromium
CVE-2017-5060 medium 6.5 6.5 FIX arch arch rhel linux-kernel google 9y ago multiple issues in chromium
CVE-2017-5053 critical 9.6 9.6 FIX arch arch rhel linux-kernel google 9y ago arbitrary code execution in chromium
CVE-2015-1239 medium 6.5 6.5 FIX slesdebian debian uclouvaingoogle 9y ago Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a craf…
CVE-2015-1206 medium 5.5 5.5 google 9y ago Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.
CVE-2015-1207 medium 6.5 6.5 FIX debian debian google 9y ago Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.
CVE-2016-5178 critical 9.8 9.8 FIX arch archdebian debiansuse suse google 9y ago arbitrary code execution in chromium