VIR Vulnerability Intelligence Relay

Search

Found 9,687 results in 774ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-43187 high 8.8 8.8 FIX slesdebian debian linux-kernel google 29d ago In the Linux kernel, the following vulnerability has been resolved: xfs: delete attr leaf freemap entries when empty Back in commit 2a2b5932db6758 ("xfs: fix attr leaf header freemap.size underflow…
CVE-2026-43184 high 7.5 7.5 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: rnbd-srv: Zero the rsp buffer before using it Before using the data buffer to send back the response message, zero it completely.…
CVE-2026-43180 high 7.8 7.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode kaweth_set_rx_mode(), the ndo_set_rx_mode callback, calls ne…
CVE-2026-43178 high 7.8 7.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput() in do_procmap_query() When user provides incorrectly sized buffer for build ID for PROCMAP_QU…
CVE-2026-43176 high 8.8 8.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate release report content before using for RTL8922DE The commit 957eda596c76 ("wifi: rtw89: pci: validate…
CVE-2026-43172 high 8.8 8.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix 22000 series SMEM parsing If the firmware were to report three LMACs (which doesn't exist in hardware) then us…
CVE-2026-43166 high 7.1 7.1 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: erofs: fix interlaced plain identification for encoded extents Only plain data whose start position and on-disk physical length a…
CVE-2026-43164 high 7.5 7.5 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in __udp_enqueue_schedule_skb(). syzbot reported null-ptr-deref of udp_sk(sk)->udp_prod_queue. [0] S…
CVE-2026-43158 high 8.8 8.8 FIX sles rheldebian debian 29d ago In the Linux kernel, the following vulnerability has been resolved: xfs: fix freemap adjustments when adding xattrs to leaf blocks xfs/592 and xfs/794 both trip this assertion in the leaf block fre…
CVE-2026-43153 high 7.8 7.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: xfs: remove xfs_attr_leaf_hasname The calling convention of xfs_attr_leaf_hasname() is problematic, because it returns a NULL buf…
CVE-2026-43150 high 7.8 7.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models (at…
CVE-2026-43141 high 7.1 7.1 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut Number of MW LUTs depends on NTB configuration and can be set to zero…
CVE-2026-43139 high 8.6 8.6 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: xfrm6: fix uninitialized saddr in xfrm6_get_saddr() xfrm6_get_saddr() does not check the return value of ipv6_dev_get_saddr(). Wh…
CVE-2026-43138 high 7.8 7.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: reset: gpio: suppress bind attributes in sysfs This is a special device that's created dynamically and is supposed to stay in mem…
CVE-2026-43134 high 8.1 8.1 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ This adds a check for encryption key size upon receiving L2CAP…
CVE-2026-43133 high 7.9 7.9 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f ("KVM: nSVM: always use vmcb01 to for vmsave/vmload o…
CVE-2026-43126 high 7.8 7.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: ALSA: mixer: oss: Add card disconnect checkpoints ALSA OSS mixer layer calls the kcontrol ops rather individually, and pending ca…
CVE-2026-43120 high 7.8 7.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix double free related to rereg_user_mr If IB_MR_REREG_TRANS is set during rereg_user_mr, the umem will be released …
CVE-2026-43116 high 7.8 7.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master c…
CVE-2026-43113 high 8.8 8.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing tx_frames wl1251_tx_packet_cb() uses the firmware completion ID directly to ind…
CVE-2026-43112 high 8.8 8.8 FIX slesdebian debian linux-kernel google 29d ago In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitize_prepath is called with an empty string or a str…
CVE-2026-43111 high 7.8 7.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: HID: roccat: fix use-after-free in roccat_report_event roccat_report_event() iterates over the device->readers list without holdi…
CVE-2026-43110 high 8.8 8.8 FIX sles rheldebian debian 29d ago In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmf_fweh_handle_if_event() validates the firmware-provided interface index…
CVE-2026-43106 high 7.8 7.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefiles_cull() The patch mentioned below changed cachefiles_bury_object() to expe…
CVE-2026-43101 high 7.5 7.5 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() We need to check __in6_dev_get() for possible NULL value…
CVE-2026-43099 high 7.5 7.5 FIX slesdebian debian linux-kernel google 29d ago In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmp_build_probe() ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the IPv6 s…
CVE-2026-43097 high 7.8 7.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fix double ida_free in hv_pci_probe error path If hv_pci_probe() fails after storing the domain number in hbus->bridge->…
CVE-2026-43093 high 7.8 7.8 FIX slesdebian debian linux-kernel google 29d ago In the Linux kernel, the following vulnerability has been resolved: xsk: tighten UMEM headroom validation to account for tailroom and min frame The current headroom validation in xdp_umem_reg() cou…
CVE-2026-43091 high 7.8 7.8 FIX slesdebian debian linux-kernel google 29d ago In the Linux kernel, the following vulnerability has been resolved: xfrm: Wait for RCU readers during policy netns exit xfrm_policy_fini() frees the policy_bydst hash tables after flushing the poli…
CVE-2026-43084 high 7.8 7.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: make hash table per queue Sharing a global hash table among all queues is tempting, but it can cause …
CVE-2026-43078 high 7.8 7.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl When page reassignment was added to af_alg_pull_tsgl the orig…
CVE-2026-43076 high 7.8 7.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate inline data i_size during inode read When reading an inode from disk, ocfs2_validate_inode_block() performs vario…
CVE-2026-43075 high 7.8 7.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix out-of-bounds write in ocfs2_write_end_inline KASAN reports a use-after-free write of 4086 bytes in ocfs2_write_end_in…
CVE-2026-43074 high 7.8 7.8 FIX slesdebian debian linux-kernel google 29d ago In the Linux kernel, the following vulnerability has been resolved: eventpoll: defer struct eventpoll free to RCU grace period In certain situations, ep_free() in eventpoll.c will kfree the epi->ep…
CVE-2026-30922 high 7.5 7.5 FIX rhel sles rocky pyasn1 1mo ago Important: fence-agents security update
CVE-2026-42997 high 7.7 7.7 FIX debian debian 1mo ago OpenStack Ironic has an Incorrect Resource Transfer Between Spheres
CVE-2026-44167 high 7.5 7.5 FIX debian debian 1mo ago phpseclib has a CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()
CVE-2026-42266 high 8.8 8.8 debian debian jupyter 1mo ago JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request
CVE-2026-44331 high 8.1 8.1 FIX slesdebian debian 1mo ago In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted…
CVE-2026-30923 high 7.5 7.5 FIX slesdebian debian owasp 1mo ago ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occu…
CVE-2026-25243 high 8.8 8.8 slesdebian debianwindows windows redis 1mo ago RHSA-2026:23229: redis security update (Important)
CVE-2026-23631 high 8.1 8.1 slesdebian debianwindows windows redis 1mo ago Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-aft…
CVE-2026-23479 high 8.8 8.8 slesdebian debianwindows windows redis 1mo ago Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blo…
CVE-2026-40110 high 7.3 7.3 debian debian jupyter 1mo ago Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr)
CVE-2026-35397 high 8.8 8.8 debian debian jupyter 1mo ago Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_d…
CVE-2026-43070 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: bpf: Reset register ID for BPF_END value tracking When a register undergoes a BPF_END (byte swap) operation, its scalar value is …
CVE-2026-43063 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: xfs: don't irele after failing to iget in xfs_attri_recover_work xlog_recovery_iget* never set @ip to a valid pointer if they ret…
CVE-2026-43062 high 7.1 7.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() l2cap_ecred_reconf_rsp() casts the incoming data to struct l2cap…
CVE-2026-43060 high 7.8 7.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: drop pending enqueued packets on removal Packets sitting in nfqueue might hold a reference to: - templates th…
CVE-2026-43059 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers Commit 302a1f674c00 ("Bluetooth: MGMT: Fix possible UAF…
CVE-2026-29168 high 7.3 7.3 FIX debian debian sleswindows windows apache 1mo ago Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's  mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users a…
CVE-2026-6322 high 7.5 7.5 FIX debian debian openjsf 1mo ago fast-uri vulnerable to host confusion via percent-encoded authority delimiters
CVE-2026-43870 high 7.3 7.3 FIX debian debianwindows windows apache 1mo ago Apache Thrift vulnerable to Path Traversal, HTTP Request/Response Splitting, Uncontrolled Resource Consumption
CVE-2026-43869 high 7.3 7.3 FIX debian debianwindows windows apache 1mo ago Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability
CVE-2026-44028 high 7.5 7.5 FIX slesdebian debian 1mo ago An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine st…
CVE-2026-35092 high 7.5 7.5 FIX rheldebian debian sles corosyncredhat 1mo ago A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) pac…
CVE-2026-35091 high 8.2 8.2 FIX rheldebian debian sles corosyncredhat 1mo ago A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User…
CVE-2026-27858 high 7.5 7.5 FIX rheldebian debian sles dovecotopen-xchange 1mo ago Important: dovecot security update
CVE-2026-27857 high 7.5 7.5 FIX rheldebian debian sles dovecotopen-xchange 1mo ago Important: dovecot security update
CVE-2026-26007 high 8.0 FIX rhel sles rocky 1mo ago RHSA-2026:12176: fence-agents security update (Important)
CVE-2026-25679 high 8.0 FIX rocky rheldebian debian google 1mo ago Important: golang security update
CVE-2025-68724 high 8.0 FIX sles rheldebian debian 1mo ago In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential inte…
CVE-2025-59032 high 7.5 7.5 FIX rheldebian debian sles dovecotopen-xchange 1mo ago Important: dovecot security update
CVE-2025-40252 high 8.0 FIX slesdebian debian rhel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() The loops in 'qede_tpa_cont()' and 'qede…
CVE-2026-6321 high 7.5 7.5 FIX slesdebian debian openjsf 1mo ago fast-uri vulnerable to path traversal via percent-encoded dot segments
CVE-2026-43964 high 7.5 7.5 FIX slesdebian debianwindows windows postfix 1mo ago Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
CVE-2026-42154 high 7.5 7.5 slesdebian debianwindows windows prometheus 1mo ago Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a…
CVE-2026-42151 high 7.5 7.5 FIX slesdebian debianwindows windows prometheus 1mo ago Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/a…
CVE-2026-37459 high 7.5 7.5 FIX debian debian sleswindows windows 1mo ago An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
CVE-2026-29004 high 8.1 8.1 debian debian sles 1mo ago BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attac…
CVE-2026-42440 high 7.5 7.5 FIX debian debian apache 1mo ago OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader  Versions Affected:  before 2.5.9 before 3.0.0-M3  Description: The AbstractModelReader methods getOut…
CVE-2026-37461 high 7.5 7.5 FIX debian debian osrg 1mo ago GoBGP has an out-of-bounds read in the ParseIP6Extended function
CVE-2026-29169 high 7.5 7.5 FIX debian debian sleswindows windows apache 1mo ago A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav o…
CVE-2026-23918 high 8.8 9.8 EXPFIX debian debian sleswindows windows apache 1mo ago Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which f…
CVE-2025-70069 high 7.5 7.5 debian debian sles 1mo ago An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method
CVE-2026-34059 high 7.5 7.5 FIX debian debian rhel sles apache 1mo ago Important: httpd security update
CVE-2026-24072 high 8.8 8.8 FIX debian debian sleswindows windows apache 1mo ago An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgra…
CVE-2026-33846 high 7.5 7.5 FIX debian debian sleswindows windows 1mo ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-7737 high 7.5 7.5 FIX debian debian osrg 1mo ago GoBGP has Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-7736 high 7.5 7.5 FIX debian debian osrg 1mo ago GoBGP has an Integer Underflow Issue
CVE-2026-7735 high 7.3 7.3 FIX debian debian osrg 1mo ago A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a …
CVE-2026-7734 high 7.5 7.5 FIX debian debian osrg 1mo ago GoBGP has an Improper Resource Shutdown or Release
CVE-2026-42246 high 7.4 7.4 debian debianwindows windows ruby-lang 1mo ago net-imap vulnerable to STARTTLS stripping via invalid response timing
CVE-2026-42245 high 7.5 7.5 slesdebian debian ruby-lang 1mo ago net-imap has quadratic complexity when reading response literals
CVE-2026-35414 high 8.0 FIX rhel slesdebian debian google 1mo ago Important: openssh security update
CVE-2026-35388 high 8.0 FIX rhel slesdebian debian 1mo ago Important: openssh security update
CVE-2026-35387 high 8.0 FIX rhel slesdebian debian 1mo ago Important: openssh security update
CVE-2026-35386 high 8.0 FIX rhel slesdebian debian google 1mo ago Important: openssh security update
CVE-2026-35385 high 8.0 FIX rhel slesdebian debian google 1mo ago Important: openssh security update
CVE-2026-31431 high 7.8 10.0 KEVEXPFIX rhelarch arch sles redhatsusearista 1mo ago Important: kernel security update
CVE-2026-24660 high 8.0 FIX debian debian sles rhel 1mo ago RHSA-2026:13284: LibRaw security update (Important)
CVE-2026-23270 high 7.8 7.8 FIX rhel sles rocky 1mo ago Important: kernel security update
CVE-2026-23136 high 8.0 FIX rhel slesdebian debian 1mo ago Important: kernel security update
CVE-2026-20889 high 8.0 FIX debian debian sles rhel 1mo ago RHSA-2026:13284: LibRaw security update (Important)
CVE-2026-7598 high 7.3 7.3 FIX debian debian sleswindows windows libssh2 1mo ago A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/p…
CVE-2026-37457 high 7.5 7.5 FIX debian debian sleswindows windows frrouting 1mo ago An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) …
CVE-2026-43507 high 7.5 7.5 FIX debian debian prosody 1mo ago An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthen…
CVE-2026-43506 high 7.5 7.5 FIX debian debian prosody 1mo ago An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory leaks from unauthenticated connections.
CVE-2026-43057 high 7.5 7.5 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback NETIF_F_IPV6_CSUM only advertises support for checksum offload o…
CVE-2026-43056 high 7.8 7.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in add_adev() error path If auxiliary_device_add() fails, add_adev() jumps to add_fail and calls au…