VIR Vulnerability Intelligence Relay

Search

Found 10,537 results in 947ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-23171 high 7.8 7.8 FIX rhel sles rocky google 2mo ago In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update Fix a use-after-free which happens due to enslave failur…
CVE-2026-23144 medium 5.5 FIX rhel sles rocky 2mo ago In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure When a context DAMON sysfs directory setup is failed after set…
CVE-2025-40096 high 8.0 FIX rocky rhel sles 2mo ago In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies When adding dependencies with drm_sched_job_add_depen…
CVE-2025-38180 medium 5.5 FIX rocky rhel sles 2mo ago In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_p…
CVE-2026-4948 medium 5.5 5.5 FIX debian debian sles rhel firewalld 2mo ago A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-au…
CVE-2026-2100 medium 5.3 5.3 FIX rhel slesdebian debian p11-kit_projectredhat 2mo ago A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters se…
CVE-2026-4721 high 8.0 FIX rocky rheldebian debian 2mo ago Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume tha…
CVE-2026-4720 high 8.0 FIX rocky rheldebian debian 2mo ago Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
CVE-2026-4719 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4718 high 8.0 FIX rocky rheldebian debian 2mo ago Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4717 high 8.0 FIX rocky rheldebian debian 2mo ago Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4716 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4715 high 8.0 FIX rocky rheldebian debian 2mo ago Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4714 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4713 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4712 high 8.0 FIX rocky rheldebian debian 2mo ago Information disclosure in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4711 high 8.0 FIX rocky rheldebian debian 2mo ago Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4710 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4709 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4708 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4707 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4706 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4705 high 8.0 FIX rocky rheldebian debian 2mo ago Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4704 high 8.0 FIX rocky rheldebian debian 2mo ago Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4702 high 8.0 FIX rocky rheldebian debian 2mo ago JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4701 high 8.0 FIX rocky rheldebian debian 2mo ago Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4700 high 8.0 FIX rocky rheldebian debian 2mo ago Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4699 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4698 critical 9.8 9.8 FIX rocky rheldebian debian mozilla 2mo ago JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4697 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4696 high 8.0 FIX rocky rheldebian debian 2mo ago Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4695 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4694 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4693 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4692 high 8.0 FIX rocky rheldebian debian 2mo ago Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4691 high 8.0 FIX rocky rheldebian debian 2mo ago Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4690 high 8.0 FIX rocky rheldebian debian 2mo ago Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and …
CVE-2026-4689 high 8.0 FIX rocky rheldebian debian 2mo ago Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and …
CVE-2026-4688 high 8.0 FIX rocky rheldebian debian 2mo ago Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4687 high 8.0 FIX rocky rheldebian debian 2mo ago Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 14…
CVE-2026-4686 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4685 high 8.0 FIX rocky rheldebian debian 2mo ago Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-4684 high 8.0 FIX rocky rheldebian debian 2mo ago Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2025-61731 high 8.0 FIX rocky rheldebian debian google 2mo ago RHSA-2026:6949: go-toolset:rhel8 security update (Important)
CVE-2026-25749 medium 5.5 FIX rocky rhel sles 2mo ago Moderate: vim security update
CVE-2026-23893 medium 5.5 FIX rocky rhel sles 2mo ago RHSA-2026:5587: opencryptoki security update (Moderate)
CVE-2026-1940 high 7.5 7.5 FIX debian debian sles rhel freedesktopgstreamer 2mo ago An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_…
CVE-2026-4427 high 8.0 sles rhel 3mo ago RHSA-2026:22714: osbuild-composer security update (Important)
CVE-2026-4426 medium 6.5 6.5 FIX debian debian sles rhel libarchiveredhat 3mo ago A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge exte…
CVE-2026-4424 high 7.5 7.5 FIX rheldebian debian sles libarchiveredhat 3mo ago Important: libarchive security update
CVE-2026-4111 high 7.5 7.5 FIX rheldebian debian rocky 3mo ago Important: libarchive security update
CVE-2026-33210 high 8.0 FIX rheldebian debianalmalinux almalinux google 3mo ago Important: ruby:4.0 security update
CVE-2026-32286 high 7.5 7.5 FIX debian debian sles rhel jackc 3mo ago The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out …
CVE-2025-68114 high 8.0 FIX rheldebian debian sles 3mo ago Important: capstone security update
CVE-2025-67873 high 8.0 FIX rheldebian debian sles 3mo ago Important: capstone security update
CVE-2026-4271 high 7.5 7.5 debian debian sles rhel gnome 3mo ago A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sen…
CVE-2026-21964 medium 5.5 FIX rocky rhel sles 3mo ago RHSA-2026:6391: mysql:8.4 security update (Moderate)
CVE-2026-21948 medium 5.5 FIX rocky rhel sles 3mo ago RHSA-2026:6391: mysql:8.4 security update (Moderate)
CVE-2026-21941 medium 5.5 FIX rocky rhel sles 3mo ago RHSA-2026:6391: mysql:8.4 security update (Moderate)
CVE-2026-21937 medium 5.5 FIX rocky rhel sles 3mo ago RHSA-2026:6391: mysql:8.4 security update (Moderate)
CVE-2026-21936 medium 5.5 FIX rocky rhel sles 3mo ago RHSA-2026:6391: mysql:8.4 security update (Moderate)
CVE-2025-61662 high 7.8 7.8 FIX rheldebian debian sles gnu 3mo ago RHSA-2026:4648: grub2 security update (Moderate)
CVE-2025-39818 medium 5.5 FIX rhel sles rocky 3mo ago In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Improper use of secondary pointer (&dev->i2c_sub…
CVE-2026-32597 high 7.5 7.5 FIX rhel sles rocky pyjwt_project 3mo ago RHSA-2026:12176: fence-agents security update (Important)
CVE-2026-2376 medium 5.4 5.4 rhel redhat 3mo ago A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the applicat…
CVE-2026-26130 high 8.0 FIX rocky rhelalmalinux almalinux 3mo ago RHSA-2026:4458: .NET 10.0 security update (Important)
CVE-2026-26127 high 8.0 FIX rocky rhelalmalinux almalinux 3mo ago RHSA-2026:4458: .NET 10.0 security update (Important)
CVE-2026-2048 high 8.0 FIX rocky rheldebian debian 3mo ago RHSA-2026:5113: gimp:2.8 security update (Important)
CVE-2026-2047 high 8.0 FIX rheldebian debian sles 3mo ago Important: gimp security update
CVE-2026-2045 high 8.0 FIX rocky rheldebian debian 3mo ago RHSA-2026:5113: gimp:2.8 security update (Important)
CVE-2026-2044 high 8.0 FIX rocky rheldebian debian 3mo ago RHSA-2026:5113: gimp:2.8 security update (Important)
CVE-2026-1299 medium 5.5 FIX rocky rhel sles 3mo ago The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is seriali…
CVE-2026-0797 high 8.0 FIX rocky rheldebian debian 3mo ago RHSA-2026:5113: gimp:2.8 security update (Important)
CVE-2025-9820 medium 4.0 4.0 FIX rocky rheldebian debian 3mo ago RHSA-2026:5585: gnutls security update (Moderate)
CVE-2025-15367 medium 5.5 FIX rocky rheldebian debian 3mo ago The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2025-15366 medium 5.5 FIX rocky rheldebian debian 3mo ago The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
CVE-2025-14831 medium 5.3 5.3 FIX rocky rheldebian debian 3mo ago RHSA-2026:5585: gnutls security update (Moderate)
CVE-2026-23001 medium 5.5 FIX rocky rhel sles 3mo ago In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvla…
CVE-2025-68800 high 8.0 FIX rhel sles rocky 3mo ago In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex (instead of RTNL)…
CVE-2025-38106 medium 5.5 FIX rhel slesdebian debian 3mo ago In the Linux kernel, the following vulnerability has been resolved: io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() syzbot reports: BUG: KASAN: slab-use-after-free in getrus…
CVE-2025-69534 high 8.0 FIX rhel slesdebian debian 3mo ago Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-M…
CVE-2025-12801 medium 5.5 FIX rocky rhel sles 3mo ago RHSA-2026:3938: nfs-utils security update (Moderate)
CVE-2021-30952 medium 7.0 KEVFIX sles rockydebian debian 3mo ago Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code executio…
CVE-2026-2006 high 8.0 FIX rocky rhel sles 3mo ago RHSA-2026:4064: postgresql:12 security update (Important)
CVE-2026-2005 high 8.0 FIX rocky rhel sles 3mo ago RHSA-2026:4064: postgresql:12 security update (Important)
CVE-2026-2004 high 8.0 FIX rocky rhel sles 3mo ago RHSA-2026:4064: postgresql:12 security update (Important)
CVE-2026-2003 high 8.0 FIX rocky rhel sles 3mo ago RHSA-2026:4063: postgresql:16 security update (Important)
CVE-2026-1642 medium 5.5 FIX rocky rhel sles 3mo ago RHSA-2026:5581: nginx:1.24 security update (Moderate)
CVE-2026-23097 medium 5.5 FIX rocky rhel sles 3mo ago In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock (analyzed by Lance Yang): 1) Task (5749): Hol…
CVE-2026-21863 high 8.0 FIX rhel sles rocky 3mo ago Important: valkey security update
CVE-2025-71085 medium 5.5 FIX rocky rhel sles 3mo ago In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() There exists a kernel oops caused by a BUG_ON(nhead < 0) at…
CVE-2025-67733 high 8.0 FIX rhel sles rocky 3mo ago Important: valkey security update
CVE-2025-40168 medium 5.5 FIX rocky rhel sles 3mo ago In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not …
CVE-2026-22801 high 8.0 FIX rocky rheldebian debian 3mo ago RHSA-2026:4728: libpng security update (Important)
CVE-2026-22695 high 8.0 FIX rocky rheldebian debian 3mo ago RHSA-2026:4728: libpng security update (Important)
CVE-2026-2793 high 8.0 FIX rocky rheldebian debian 3mo ago Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume tha…
CVE-2026-2792 high 8.0 FIX rocky rheldebian debian 3mo ago Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
CVE-2026-2791 high 8.0 FIX rocky rheldebian debian 3mo ago Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2790 high 8.0 FIX rocky rheldebian debian 3mo ago Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVE-2026-2789 high 8.0 FIX rocky rheldebian debian 3mo ago Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.