VIR Vulnerability Intelligence Relay

Search

Found 10,537 results in 950ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-22795 medium 5.5 5.5 FIX rhel sles rocky openssl 4mo ago Important: openssl security update
CVE-2025-69421 high 7.5 7.5 FIX rhel sles rocky openssl 4mo ago Important: openssl security update
CVE-2025-69420 high 7.5 7.5 FIX rhel sles rocky openssl 4mo ago Important: openssl security update
CVE-2025-69419 high 7.4 7.4 FIX rhel sles rocky openssl 4mo ago RHSA-2026:3042: openssl security update (Moderate)
CVE-2025-69418 medium 4.0 4.0 FIX rhel sles rocky openssl 4mo ago Important: openssl security update
CVE-2025-68160 medium 4.7 4.7 FIX rhel sles rocky openssl 4mo ago Important: openssl security update
CVE-2025-66199 high 8.0 FIX rhel sles rocky 4mo ago Important: openssl security update
CVE-2025-15469 high 8.0 FIX rhel sles rocky 4mo ago Important: openssl security update
CVE-2025-15468 high 8.0 FIX rhel sles rocky 4mo ago Important: openssl security update
CVE-2025-15467 high 8.8 8.8 FIX rhel sles rocky openssl 4mo ago Important: openssl security update
CVE-2025-11187 high 8.0 FIX rhel sles rocky 4mo ago Important: openssl security update
CVE-2025-9086 high 7.5 7.5 FIX rocky rheldebian debian haxx 4mo ago 1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the …
CVE-2025-14180 high 8.0 FIX rocky rhelalmalinux almalinux 4mo ago RHSA-2026:1412: php:8.2 security update (Important)
CVE-2025-14178 medium 5.5 FIX rockyalmalinux almalinux rhel 4mo ago RHSA-2026:2470: php:7.4 security update (Moderate)
CVE-2025-14177 medium 5.5 FIX rocky rhelalmalinux almalinux 4mo ago RHSA-2026:2470: php:7.4 security update (Moderate)
CVE-2025-13836 high 7.5 7.5 FIX rocky rhel sles python 4mo ago When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amoun…
CVE-2025-12084 medium 5.5 FIX rocky rheldebian debian 4mo ago When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building ex…
CVE-2025-68305 high 8.0 FIX rhel sles rocky 4mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind There is a potential race condition between sock bind and so…
CVE-2025-68301 high 8.0 FIX rocky rhel sles 4mo ago In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17…
CVE-2025-66418 high 8.0 FIX rocky rhel sles 4mo ago RHSA-2026:1254: python-urllib3 security update (Important)
CVE-2025-40294 high 8.0 FIX rhel sles rocky 4mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() In the parse_adv_monitor_pattern() function, the value of the 'len…
CVE-2025-40258 medium 5.5 FIX rocky rhel sles 4mo ago In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcp_schedule_work() syzbot reported use-after-free in mptcp_schedule_work() [1] Issue here is tha…
CVE-2025-40248 high 8.0 FIX rocky rhel sles 4mo ago In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect() if already established During connect(), acting on a signal/timeout by disconnecting an…
CVE-2025-38731 high 8.0 FIX rhel sles rocky 4mo ago In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vm_bind_ioctl double free bug If the argument check during an array bind fails, the bind_ops are freed twice as seen …
CVE-2025-38349 high 8.0 FIX rhel sles rocky 4mo ago In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex Jann Horn points out that epoll is decrementing the ep re…
CVE-2025-38141 high 8.0 FIX rhel sles rocky 4mo ago In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones If dm_get_live_table() returned NULL, dm_put_live_table() was never called. Also, it is possible that…
CVE-2026-0994 high 8.0 rhel sles rocky google 4mo ago Important: protobuf security update
CVE-2026-21945 high 7.5 7.5 FIX rocky rhel sles oracle 4mo ago RHSA-2026:4832: java-1.8.0-ibm security update (Important)
CVE-2026-21933 medium 6.1 6.1 FIX rocky rhel sles oracle 4mo ago RHSA-2026:4832: java-1.8.0-ibm security update (Important)
CVE-2026-21925 medium 4.8 4.8 FIX rocky rhel sles oracle 4mo ago RHSA-2026:4832: java-1.8.0-ibm security update (Important)
CVE-2025-67726 medium 5.5 FIX rocky slesdebian debian 5mo ago RHSA-2026:0930: pcs security update (Moderate)
CVE-2025-67725 medium 5.5 FIX rocky slesdebian debian 5mo ago RHSA-2026:0930: pcs security update (Moderate)
CVE-2025-61729 high 8.0 FIX rocky rheldebian debian google 5mo ago RHSA-2026:4952: rhc security update (Important)
CVE-2025-14425 high 8.0 FIX rheldebian debian sles 5mo ago Important: gimp security update
CVE-2025-14424 high 8.0 FIX rheldebian debian sles 5mo ago Important: gimp security update
CVE-2025-14423 high 8.0 FIX rheldebian debian sles 5mo ago Important: gimp security update
CVE-2025-14422 high 8.0 FIX rocky rheldebian debian 5mo ago RHSA-2026:1574: gimp:2.8 security update (Important)
CVE-2025-13601 high 7.7 7.7 FIX rocky rheldebian debian redhatgnome 5mo ago A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of u…
CVE-2025-68287 high 8.0 FIX rhel sles rocky 5mo ago In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths This patch addresses a race condition caused b…
CVE-2025-68285 medium 5.5 FIX rocky rhel sles 5mo ago In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client r…
CVE-2025-67269 high 8.0 FIX rheldebian debian rocky 5mo ago Important: gpsd-minimal security update
CVE-2025-67268 high 8.0 FIX rheldebian debian rocky 5mo ago Important: gpsd-minimal security update
CVE-2025-66566 high 8.0 rhel rockydebian debian 5mo ago yawkat LZ4 Java has a possible information leak in Java safe decompressor
CVE-2025-40277 high 8.0 FIX rocky rhel sles 5mo ago In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE This data originates from userspace and is used in buffer …
CVE-2025-39933 high 8.0 FIX rocky rhel sles 5mo ago In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done verify data_offset, data_length and remaining_data_length This is inspired by the related server fixes.
CVE-2025-38703 high 8.0 FIX rhel sles rocky 5mo ago In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports…
CVE-2025-38051 high 8.0 FIX rocky slesdebian debian 5mo ago In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free in cifs_fill_dirent There is a race condition in the readdir concurrency process, which may acces…
CVE-2026-23490 high 8.0 FIX rocky rhel sles 5mo ago RHSA-2026:4146: python-pyasn1 security update (Important)
CVE-2026-0891 high 8.0 FIX rocky rheldebian debian 5mo ago Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
CVE-2026-0890 high 8.0 FIX rocky rheldebian debian 5mo ago Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2026-0887 high 8.0 FIX rocky rheldebian debian 5mo ago Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2026-0886 high 8.0 FIX rocky rheldebian debian 5mo ago Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2026-0885 high 8.0 FIX rocky rheldebian debian 5mo ago Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2026-0884 high 8.0 FIX rocky rheldebian debian 5mo ago Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2026-0883 high 8.0 FIX rocky rheldebian debian 5mo ago Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2026-0882 high 8.0 FIX rocky rheldebian debian 5mo ago Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2026-0880 high 8.0 FIX rocky rheldebian debian 5mo ago Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2026-0879 high 8.0 FIX rocky rheldebian debian 5mo ago Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140…
CVE-2026-0878 high 8.0 FIX rocky rheldebian debian 5mo ago Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2026-0877 high 8.0 FIX rocky rheldebian debian 5mo ago Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
CVE-2025-68973 high 8.0 FIX rocky rheldebian debian 5mo ago RHSA-2026:0728: gnupg2 security update (Important)
CVE-2025-68615 high 8.0 FIX rocky rhel sles 5mo ago RHSA-2026:0750: net-snmp security update (Important)
CVE-2025-46397 medium 5.5 FIX rocky rheldebian debian 5mo ago RHSA-2026:0756: transfig security update (Moderate)
CVE-2025-14327 high 8.0 FIX rocky rheldebian debian 5mo ago Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and Thunderbird 140.7.
CVE-2025-14242 medium 5.5 FIX rocky rhel sles 5mo ago RHSA-2026:0608: vsftpd security update (Moderate)
CVE-2025-12817 medium 5.5 FIX rocky rhel sles 5mo ago RHSA-2026:0524: postgresql:15 security update (Moderate)
CVE-2025-47913 high 8.0 FIX rocky rheldebian debian 5mo ago RHSA-2026:0753: container-tools:rhel8 security update (Important)
CVE-2025-40240 high 8.0 FIX rocky rhel sles 5mo ago In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk->skb pointer is dereferenced in the if-block where it's supp…
CVE-2025-39993 high 8.0 FIX rocky slesdebian debian 5mo ago In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: use-after-free in __create_pipe in…
CVE-2025-39883 medium 5.5 FIX rocky rhel sles 5mo ago In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory When I did memory failure tests, below panic occur…
CVE-2025-39840 medium 5.5 FIX rhel sles rocky 5mo ago In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/ is combined with an fsnotify event for a single…
CVE-2025-39806 high 7.1 7.1 FIX rhel sles rocky 5mo ago In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() A malicious HID device can trigger a slab out-of-bounds durin…
CVE-2025-14523 high 8.0 FIX rocky rhel sles 5mo ago RHSA-2026:1509: spice-client-win security update (Important)
CVE-2025-12818 medium 5.5 FIX rocky rhel sles 5mo ago RHSA-2026:0695: libpq security update (Moderate)
CVE-2025-61915 medium 5.5 FIX rocky rheldebian debian 5mo ago RHSA-2026:0596: cups security update (Moderate)
CVE-2025-58436 medium 5.5 FIX rocky rheldebian debian 5mo ago RHSA-2026:0596: cups security update (Moderate)
CVE-2026-21441 high 8.0 FIX rocky rhel sles 5mo ago RHSA-2026:1254: python-urllib3 security update (Important)
CVE-2026-21968 medium 5.5 FIX rocky rhel sles 5mo ago RHSA-2026:6435: mariadb:10.11 security update (Moderate)
CVE-2025-66293 high 8.0 FIX rocky rheldebian debian 5mo ago RHSA-2026:9686: java-17-openjdk security update (Important)
CVE-2025-65018 high 8.0 FIX rocky rheldebian debian 5mo ago RHSA-2026:0932: java-1.8.0-openjdk security update (Important)
CVE-2025-64720 high 8.0 FIX rocky rheldebian debian 5mo ago RHSA-2026:0932: java-1.8.0-openjdk security update (Important)
CVE-2023-52971 medium 5.5 FIX rocky rhel sles 5mo ago RHSA-2026:6435: mariadb:10.11 security update (Moderate)
CVE-2025-32365 medium 5.5 FIX rocky rhel sles 5mo ago Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.
CVE-2025-13699 high 8.0 FIX rocky rhel sles 5mo ago RHSA-2026:0698: mariadb-devel:10.3 security update (Important)
CVE-2025-45582 medium 5.5 rhel sles rocky 5mo ago Moderate: tar security update
CVE-2023-54035 high 8.0 FIX rhel slesdebian debian 5mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix underflow in chain reference counter Set element addition error path decrements reference counter on ch…
CVE-2025-68156 high 8.0 FIX rheldebian debian sles 6mo ago Important: opentelemetry-collector security update
CVE-2025-66200 high 8.0 FIX rockydebian debian rhel 6mo ago mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an u…
CVE-2025-65082 high 8.0 FIX rockydebian debian rhel 6mo ago Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables cal…
CVE-2025-58098 high 8.0 FIX rockydebian debian rhel 6mo ago Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects A…
CVE-2025-55753 high 8.0 FIX debian debian rocky rhel 6mo ago An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certi…
CVE-2025-26625 high 8.0 FIX rocky rheldebian debian 6mo ago Git LFS may write to arbitrary files via crafted symlinks
CVE-2025-8291 medium 5.5 FIX rocky rhelalmalinux almalinux 6mo ago The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD re…
CVE-2025-6491 medium 5.5 FIX rockyalmalinux almalinux rhel 6mo ago RHSA-2026:2470: php:7.4 security update (Moderate)
CVE-2025-6075 high 8.0 FIX rockyalmalinux almalinux rhel 6mo ago If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.
CVE-2025-6069 high 8.0 FIX rocky rheldebian debian 6mo ago The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
CVE-2025-5987 medium 5.5 FIX rheldebian debian sles 6mo ago Moderate: libssh security update
CVE-2025-43541 high 8.0 FIX rocky rhel sles 6mo ago A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Process…
CVE-2025-43536 high 8.0 FIX rocky rhel sles 6mo ago A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciou…
CVE-2025-43535 high 8.0 FIX rocky rhel sles 6mo ago The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciou…