VIR Vulnerability Intelligence Relay

Search

Found 2,320 results in 265ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-42154 high 7.5 7.5 slesdebian debianwindows windows prometheus 1mo ago Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a…
CVE-2026-42151 high 7.5 7.5 FIX slesdebian debianwindows windows prometheus 1mo ago Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/a…
CVE-2026-37459 high 7.5 7.5 FIX debian debian sleswindows windows 1mo ago An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
CVE-2026-29169 high 7.5 7.5 FIX debian debian sleswindows windows apache 1mo ago A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav o…
CVE-2026-23918 high 8.8 9.8 EXPFIX debian debian sleswindows windows apache 1mo ago Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which f…
CVE-2026-34059 high 7.5 7.5 FIX debian debian rhel sles apache 1mo ago Important: httpd security update
CVE-2026-24072 high 8.8 8.8 FIX debian debian sleswindows windows apache 1mo ago An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgra…
CVE-2026-33846 high 7.5 7.5 FIX debian debian sleswindows windows 1mo ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-42258 critical 9.8 9.8 debian debianwindows windows ruby-lang 1mo ago net-imap vulnerable to command Injection via unvalidated Symbol inputs
CVE-2026-42257 critical 9.8 9.8 debian debianwindows windows ruby-lang 1mo ago net-imap vulnerable to command Injection via "raw" arguments to multiple commands
CVE-2026-42246 high 7.4 7.4 debian debianwindows windows ruby-lang 1mo ago net-imap vulnerable to STARTTLS stripping via invalid response timing
CVE-2026-7598 high 7.3 7.3 FIX debian debian sleswindows windows libssh2 1mo ago A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/p…
CVE-2026-37457 high 7.5 7.5 FIX debian debian sleswindows windows frrouting 1mo ago An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) …
CVE-2026-43052 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check tdls flag in ieee80211_tdls_oper When NL80211_TDLS_ENABLE_LINK is called, the code only checks if the stati…
CVE-2026-43049 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure Presently, if the force feedback initialisat…
CVE-2026-43048 high 8.8 8.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset() The memset() in hid_report_raw_event() has the good intention of cle…
CVE-2026-43042 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: mpls: add seqcount to protect the platform_label{,s} pair The RCU-protected codepaths (mpls_forward, mpls_dump_routes) can have a…
CVE-2026-43037 critical 9.8 9.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() Oskar Kjos reported the following problem. ip4ip6_err() calls icmp_send() on a clon…
CVE-2026-43033 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption When decrypting data that is not in-place (src …
CVE-2026-43029 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lockup in mptcp_recvmsg() syzbot reported a soft lockup in mptcp_recvmsg() [0]. When receiving data with MSG_PEE…
CVE-2026-43019 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync hci_conn lookup and field access must be covered by hdev lock in se…
CVE-2026-43009 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix incorrect pruning due to atomic fetch precision tracking When backtrack_insn encounters a BPF_STX instruction with BPF_A…
CVE-2026-31771 high 8.1 8.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: move wake reason storage into validated event handlers hci_store_wake_reason() is called from hci_event_pac…
CVE-2026-31769 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: gpib: fix use-after-free in IO ioctl handlers The IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a gpib_descriptor pointer aft…
CVE-2026-31729 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: validate connector number in ucsi_notify_common() The connector number extracted from CCI via UCSI_CCI_CONNECTO…
CVE-2026-31718 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger When a durable file handle survives session disconnect (TCP…
CVE-2026-31717 high 8.8 8.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a du…
CVE-2026-31715 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() The xfstests case "generic/107" and syzbot have both …
CVE-2026-31712 high 8.3 8.3 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: require minimum ACE size in smb_check_perm_dacl() Both ACE-walk loops in smb_check_perm_dacl() only guard against an under…
CVE-2026-31711 high 7.5 7.5 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: server: fix active_num_conn leak on transport allocation failure Commit 77ffbcac4e56 ("smb: server: fix leak of active_num_c…
CVE-2026-31709 high 8.8 8.8 FIX sles rheldebian debian google 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl build_sec_desc() and id_mode_to_cifs_acl() derive a DACL poin…
CVE-2026-31708 high 8.1 8.1 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path smb2_ioctl_query_info() has two response-copy branches: PASSTH…
CVE-2026-31707 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipc_validate_msg() ipc_validate_msg() computes the expected message size for each response type…
CVE-2026-31706 high 8.8 8.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() smb_inherit_dacl() trusts the on-disk num_aces value from the …
CVE-2026-31705 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment smb2_get_ea() applies 4-byte alignment padding via memset() after wr…
CVE-2026-31702 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io() In f2fs_compress_write_end_io(), dec_page_count(sbi, type) can br…
CVE-2026-31700 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() In tpacket_snd(), when PACKET_VNET_HDR is enabled, vnet_hdr point…
CVE-2026-31699 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the …
CVE-2026-31698 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed When retrieving the PDH cert, don't attempt to cop…
CVE-2026-31697 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed When retrieving the ID for the CPU, don't attempt to cop…
CVE-2026-31696 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing validation of ticket length in non-XDR key preparsing In rxrpc_preparse(), there are two paths for parsing key…
CVE-2026-31694 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuse_add_dirent_to_cache() computes a serialized dirent size from the server-control…
CVE-2026-33116 high 7.5 7.5 rhel linux-kernelmacos macos microsoft 2mo ago Important: .NET 8.0 security update
CVE-2026-32157 high 8.8 8.8 FIX windows windows microsoft 2mo ago Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-32154 high 7.8 7.8 FIX windows windows 2mo ago Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-32152 high 7.8 7.8 FIX windows windows 2mo ago Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-32077 high 7.8 7.8 FIX windows windows 2mo ago Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-26151 high 7.1 7.1 FIX windows windows 2mo ago Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-23666 high 7.5 7.5 windows windows microsoft 2mo ago Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-26128 high 7.8 7.8 FIX windows windows 3mo ago Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.
CVE-2026-25187 high 7.8 7.8 FIX windows windows 3mo ago Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
CVE-2026-24285 high 7.0 7.0 FIX windows windows microsoft 3mo ago Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-20931 high 8.0 8.0 FIX windows windows 5mo ago External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2026-20921 high 7.5 7.5 FIX windows windows 5mo ago Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-20864 high 7.8 7.8 FIX windows windows 5mo ago Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-20817 high 7.8 7.8 FIX windows windows 5mo ago Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
CVE-2025-60724 critical 9.8 9.8 FIX windows windows microsoft 7mo ago Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
CVE-2025-53766 critical 9.8 9.8 FIX windows windows microsoft 10mo ago Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
CVE-2025-30388 high 7.8 7.8 FIX windows windows microsoft 1y ago Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2025-26687 high 7.5 7.5 FIX windows windows microsoft 1y ago Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-21338 high 7.8 7.8 FIX windows windows microsoft 1y ago GDI+ Remote Code Execution Vulnerability
CVE-2024-43455 critical 9.8 9.8 FIX windows windows 2y ago Windows Remote Desktop Licensing Service Spoofing Vulnerability
CVE-2024-38250 high 7.8 7.8 FIX windows windows microsoft 2y ago Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2023-44487 high 7.5 10.0 KEVEXPFIX rocky rheldebian debian siemensietfnghttp2 3y ago The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-38545 critical 9.8 9.8 FIX rhelarch archdebian debian haxxnetapp 3y ago This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it…
CVE-2023-29335 high 7.5 7.5 windows windows microsoft 3y ago Microsoft Word Security Feature Bypass Vulnerability
CVE-2022-44702 high 7.8 7.8 windows windows microsoft 4y ago Windows Terminal Remote Code Execution Vulnerability
CVE-2022-26926 high 7.8 7.8 windows windows 4y ago Windows Address Book Remote Code Execution Vulnerability
CVE-2022-26826 high 7.2 7.2 windows windows 4y ago Windows DNS Server Remote Code Execution Vulnerability
CVE-2022-26795 high 7.8 7.8 windows windows 4y ago Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2020-17103 high 7.0 7.0 windows windows 6y ago Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2017-11930 high 7.5 7.5 windows windows microsoft 9y ago ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows …
CVE-2017-11918 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine …
CVE-2017-11914 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore vulnerable to privilege escalation due to exposure from scriptFunction
CVE-2017-11913 high 7.5 7.5 windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2…
CVE-2017-11912 high 7.5 7.5 windows windows microsoft 9y ago ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in W…
CVE-2017-11911 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore RCE Vulnerability
CVE-2017-11910 high 7.5 7.5 windows windows microsoft 9y ago ChakraCore vulnerable to remote code execution due to insufficient InlineCache check
CVE-2017-11909 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore vulnerable to remote code execution
CVE-2017-11908 high 7.5 7.5 windows windows microsoft 9y ago ChakraCore RCE Vulnerability
CVE-2017-11907 high 7.5 8.5 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2…
CVE-2017-11905 high 7.5 7.5 windows windows microsoft 9y ago ChakraCore RCE Vulnerability
CVE-2017-11903 high 7.5 8.5 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2…
CVE-2017-11901 high 7.5 7.5 windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 …
CVE-2017-11899 critical 9.8 9.8 windows windows 9y ago Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, a…
CVE-2017-11895 high 7.5 7.5 windows windows microsoft 9y ago ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 1…
CVE-2017-11894 high 7.5 7.5 windows windows microsoft 9y ago ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and and Internet Explorer adn Microsoft Edge …
CVE-2017-11893 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore vulnerable to remote code execution
CVE-2017-11890 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker…
CVE-2017-11889 high 7.5 7.5 windows windows microsoft 9y ago ChakraCore RCE Vulnerability
CVE-2017-11888 high 7.5 7.5 windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge…
CVE-2017-11886 high 7.5 7.5 windows windows microsoft 9y ago Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker…
CVE-2017-3114 critical 9.8 9.8 linux-kernel rhelwindows windows adobe 9y ago An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the co…
CVE-2017-3112 critical 9.8 9.8 linux-kernel rhelwindows windows adobe 9y ago An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the co…
CVE-2017-11225 critical 9.8 9.8 linux-kernel rhelwindows windows adobe 9y ago An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mis…
CVE-2017-11215 critical 9.8 9.8 linux-kernel rhelwindows windows adobe 9y ago An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old an…
CVE-2017-11213 critical 9.8 9.8 linux-kernel rhelwindows windows adobe 9y ago An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to …
CVE-2017-11940 high 7.8 7.8 windows windows microsoft 9y ago The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Se…
CVE-2017-11937 high 7.8 7.8 windows windows microsoft 9y ago The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Se…
CVE-2017-11282 critical 9.8 10.0 EXP macos macos linux-kernel rhel adobe 9y ago Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.