VIR Vulnerability Intelligence Relay

Search

Found 5,021 results in 1053ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-5419 low 3.7 3.7 FIX debian debian sles rhel 2d ago RHSA-2026:20612: gnutls security update (Important)
CVE-2025-53020 high 8.0 FIX debian debian sles rhel 3d ago Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4…
CVE-2026-34079 high 8.0 FIX debian debian sles rhel 7d ago RHSA-2026:21756: flatpak security update (Important)
CVE-2026-34078 high 8.0 FIX debian debian sles rhel 7d ago RHSA-2026:21756: flatpak security update (Important)
CVE-2026-23392 high 8.0 FIX sles rheldebian debian 7d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flowtable after rcu grace period on error Call synchronize_rcu() after unregistering the hooks from…
CVE-2025-71089 high 8.0 FIX sles rheldebian debian 7d ago In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a f…
CVE-2025-68366 high 8.0 FIX sles rheldebian debian 7d ago In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK:…
CVE-2025-68347 high 8.0 FIX slesdebian debianalmalinux almalinux 7d ago In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdep_read() could write mor…
CVE-2025-68183 high 8.0 FIX sles rheldebian debian 7d ago In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA …
CVE-2025-38653 high 8.0 FIX rhel slesdebian debian 7d ago In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may ca…
CVE-2026-3012 high 8.0 8.0 FIX slesdebian debian rhel 8d ago A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and…
CVE-2026-8975 high 8.8 8.8 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8974 high 8.8 8.8 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8970 high 8.8 8.8 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8968 high 7.5 7.5 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8962 high 8.1 8.1 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8958 high 8.6 8.6 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8957 high 8.8 8.8 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8955 high 8.8 8.8 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8954 high 7.5 7.5 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8947 high 7.3 7.3 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-8946 high 7.5 7.5 FIX rheldebian debian sles mozilla 8d ago Important: thunderbird security update
CVE-2026-42899 high 7.5 7.5 FIX rhelmacos macos linux-kernel microsoft 8d ago Important: .NET 9.0 security update
CVE-2026-34043 high 8.0 FIX rheldebian debianalmalinux almalinux 8d ago RHSA-2026:21291: .NET 8.0 security update (Important)
CVE-2026-42013 high 8.2 8.2 FIX debian debian sles rhel 8d ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-42012 high 7.1 7.1 FIX debian debian rhelwindows windows 8d ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-5260 high 8.2 8.2 FIX debian debian sles rhel 8d ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-48864 high 7.8 7.8 debian debian sles rhel opensuseredhat 8d ago A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker ca…
CVE-2026-8092 high 8.1 8.1 FIX rheldebian debian sles mozilla 9d ago Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of th…
CVE-2026-8090 high 7.3 7.3 FIX rheldebian debian sles mozilla 9d ago Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.
CVE-2026-42014 high 8.0 FIX debian debian sles rhel 9d ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-9064 high 7.5 7.5 debian debian sles rhel redhat 15d ago A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated a…
CVE-2026-46333 high 7.1 7.1 FIX rhel slesdebian debian google 15d ago In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - t…
CVE-2026-46300 high 7.8 8.8 EXPFIX rhel slesdebian debian aws 15d ago In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from…
CVE-2026-43128 high 7.8 7.8 FIX rhel slesdebian debian 15d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix double dma_buf_unpin in failure path In ib_umem_dmabuf_get_pinned_with_dma_device(), the call to ib_umem_dmabuf_ma…
CVE-2026-37555 high 7.5 7.5 FIX rheldebian debian sles libsndfile_project 15d ago RHSA-2026:19559: libsndfile security update (Important)
CVE-2026-31532 high 7.8 7.8 FIX rhel slesdebian debian google 15d ago In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-after-free in raw_rcv() raw_release() unregisters raw CAN receive filters via can_rx_unregister(), but…
CVE-2026-23401 high 8.0 FIX rhel slesdebian debian google 15d ago In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE When installing an emulated MMIO SPTE, do so *after*…
CVE-2026-23204 high 7.1 7.1 FIX rocky rhel sles 15d ago In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use s…
CVE-2026-22990 high 8.0 FIX rhel slesdebian debian 15d ago In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremen…
CVE-2026-22984 high 8.0 FIX rhel slesdebian debian 15d ago In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit bounds check on payload_len to avoid a p…
CVE-2025-71116 high 8.0 FIX rhel slesdebian debian 15d ago In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encod…
CVE-2025-68741 high 8.0 FIX rhel slesdebian debian 15d ago In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxx_process_purls_iocb(), an item is allocated via qla27xx_copy_multiple…
CVE-2025-39766 high 7.8 7.8 FIX rhel slesdebian debian 15d ago In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit The following setup can trigger a WARNING in htb_activate …
CVE-2026-7323 high 7.3 7.3 FIX rheldebian debianalmalinux almalinux mozilla 16d ago Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have…
CVE-2026-7322 high 7.3 7.3 FIX rheldebian debianalmalinux almalinux mozilla 16d ago Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have…
CVE-2026-7320 high 7.5 7.5 FIX rheldebian debianalmalinux almalinux mozilla 16d ago Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.…
CVE-2026-5713 high 8.0 FIX rhel slesdebian debian 16d ago Important: python3.14 security update
CVE-2026-4892 high 8.4 8.4 FIX rheldebian debian sles 16d ago RHSA-2026:20589: dnsmasq security update (Important)
CVE-2026-4890 high 7.5 7.5 FIX rheldebian debian sles 16d ago RHSA-2026:20589: dnsmasq security update (Important)
CVE-2026-4519 high 8.0 FIX rocky rheldebian debian 16d ago The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended …
CVE-2026-4224 high 8.0 FIX rhel slesdebian debian 16d ago When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.
CVE-2026-41035 high 7.8 7.8 FIX rhel slesdebian debian samba 16d ago RHSA-2026:17481: rsync security update (Important)
CVE-2026-39373 low 2.5 FIX rhel slesdebian debian 16d ago Low: python-jwcrypto security update
CVE-2026-3644 high 8.0 FIX rhel slesdebian debian 16d ago RHSA-2026:10950: python3.12 security update (Important)
CVE-2026-33984 high 8.0 FIX rheldebian debian sles 16d ago RHSA-2026:8945: freerdp security update (Important)
CVE-2026-33983 high 8.0 FIX rheldebian debian sles 16d ago RHSA-2026:8945: freerdp security update (Important)
CVE-2026-33810 high 8.0 FIX rheldebian debian sles 16d ago Important: opentelemetry-collector security update
CVE-2026-32281 high 8.0 FIX rheldebian debian sles google 16d ago Inefficient policy validation in crypto/x509
CVE-2026-31790 high 7.5 7.5 FIX rhel slesdebian debian opensslgoogle 16d ago Moderate: openssl security update
CVE-2026-3085 high 8.0 FIX rheldebian debian rocky 16d ago GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Int…
CVE-2026-3083 high 8.0 FIX rheldebian debian rocky 16d ago GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interactio…
CVE-2026-3082 high 8.0 FIX rheldebian debian rocky 16d ago RHSA-2026:6750: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update (Important)
CVE-2026-2923 high 8.0 FIX rheldebian debian rocky 16d ago RHSA-2026:6750: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update (Important)
CVE-2026-2922 high 8.0 FIX rheldebian debian rocky 16d ago Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update
CVE-2026-2921 high 8.0 FIX rheldebian debian rocky 16d ago RHSA-2026:6750: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update (Important)
CVE-2026-2920 high 8.0 FIX rheldebian debian rocky 16d ago RHSA-2026:6750: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update (Important)
CVE-2026-28871 high 8.0 FIX rhel slesdebian debian 16d ago A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website …
CVE-2026-28859 high 8.0 FIX rhel slesdebian debian 16d ago The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may …
CVE-2026-28857 high 8.0 FIX rhel slesdebian debian 16d ago The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may le…
CVE-2026-27137 high 8.0 FIX rheldebian debian sles 16d ago RHSA-2026:22714: osbuild-composer security update (Important)
CVE-2026-24842 high 8.0 FIX rhel slesdebian debian 16d ago Important: linux-sgx security update
CVE-2026-23950 high 8.0 FIX rheldebian debian 16d ago Important: linux-sgx security update
CVE-2026-23745 high 8.0 FIX rhel slesdebian debian 16d ago Important: linux-sgx security update
CVE-2026-23243 high 7.8 7.8 FIX rhel slesdebian debian 16d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data_len in ib_umad_write ib_umad_write computes data_len from user-controlled count and the MAD heade…
CVE-2026-23060 high 8.0 FIX rhel slesdebian debian 16d ago In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When as…
CVE-2026-2297 high 8.0 FIX rhel slesdebian debian 16d ago The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.au…
CVE-2026-2291 high 7.3 7.3 FIX rheldebian debian sles 16d ago RHSA-2026:20589: dnsmasq security update (Important)
CVE-2026-20691 high 8.0 FIX rhel slesdebian debian 16d ago An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted…
CVE-2026-20676 high 8.0 FIX rhel slesdebian debian 16d ago This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through…
CVE-2026-20665 high 8.0 FIX rhel slesdebian debian 16d ago This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, wat…
CVE-2026-20664 high 8.0 FIX rhel slesdebian debian 16d ago The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may le…
CVE-2026-20652 high 8.0 FIX rhel slesdebian debian 16d ago The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker m…
CVE-2026-20644 high 8.0 FIX rhel slesdebian debian 16d ago The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciou…
CVE-2026-20643 high 8.0 FIX rhel slesdebian debian 16d ago A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 an…
CVE-2026-20636 high 8.0 FIX rhel slesdebian debian 16d ago The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may le…
CVE-2026-20635 high 8.0 FIX rhel slesdebian debian 16d ago The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS …
CVE-2026-20608 high 8.0 FIX rhel slesdebian debian 16d ago This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing mal…
CVE-2026-1502 high 8.0 FIX rhel slesdebian debian 16d ago CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
CVE-2026-0968 low 3.1 3.1 FIX rheldebian debian sles libssh 16d ago Moderate: libssh security update
CVE-2026-0966 high 8.2 8.2 FIX rheldebian debian sles libsshredhat 16d ago Moderate: libssh security update
CVE-2026-0965 low 3.3 3.3 FIX rheldebian debian sles libssh 16d ago Moderate: libssh security update
CVE-2026-0672 high 8.0 FIX rhel slesdebian debian 16d ago When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and para…
CVE-2025-9615 low 3.3 3.3 FIX rhel slesdebian debian 16d ago Low: NetworkManager security update
CVE-2025-8277 low 3.1 3.1 FIX rheldebian debian sles 16d ago Moderate: libssh security update
CVE-2025-61726 high 8.0 FIX rocky rheldebian debian google 16d ago RHSA-2026:22714: osbuild-composer security update (Important)
CVE-2025-55668 high 8.0 FIX rhel slesdebian debian 16d ago Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Old…
CVE-2025-4878 low 3.6 3.6 FIX rheldebian debian sles 16d ago Moderate: libssh security update
CVE-2025-46701 high 8.0 FIX arch arch rhel sles 16d ago Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to th…
CVE-2025-46299 high 8.0 FIX rhel slesdebian debian 16d ago A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Proc…