Filtered by vendor Redhat Subscriptions
Total 23530 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2005-2263 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2026-04-16 N/A
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.
CVE-1999-0748 1 Redhat 1 Linux 2026-04-16 N/A
Buffer overflows in Red Hat net-tools package.
CVE-2004-0226 5 Gentoo, Midnight Commander, Redhat and 2 more 6 Linux, Midnight Commander, Enterprise Linux and 3 more 2026-04-16 N/A
Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
CVE-2004-0217 2 Redhat, Symantec 2 Linux, Antivirus Scan Engine 2026-04-16 7.0 High
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.
CVE-2004-0138 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to cause a denial of service (crash) via a crafted ELF file with an interpreter with an invalid arch (architecture), which triggers a BUG() when an invalid VMA is unmapped.
CVE-2005-0705 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the "ignore cipher bit" option enabled. allows remote attackers to cause a denial of service (application crash).
CVE-2004-0148 3 Redhat, Sgi, Washington University 3 Enterprise Linux, Propack, Wu-ftpd 2026-04-16 N/A
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
CVE-2004-0154 2 Nfs, Redhat 2 Nfs-utils, Enterprise Linux 2026-04-16 N/A
rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name.
CVE-2004-0164 2 Kame, Redhat 2 Racoon, Enterprise Linux 2026-04-16 N/A
KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.
CVE-2004-0174 2 Apache, Redhat 2 Http Server, Stronghold 2026-04-16 7.5 High
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
CVE-2004-0176 2 Ethereal Group, Redhat 3 Ethereal, Enterprise Linux, Linux 2026-04-16 N/A
Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.
CVE-2004-0177 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Linux 2026-04-16 N/A
The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.
CVE-2004-0178 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.
CVE-2004-0179 4 Apache, Debian, Redhat and 1 more 7 Openoffice, Subversion, Debian Linux and 4 more 2026-04-16 N/A
Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.
CVE-2004-0183 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2026-04-16 N/A
TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.
CVE-2004-0189 2 Redhat, Squid 3 Enterprise Linux, Linux, Squid 2026-04-16 N/A
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
CVE-2004-0191 2 Mozilla, Redhat 3 Mozilla, Enterprise Linux, Linux 2026-04-16 N/A
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.
CVE-2001-1022 3 Gnu, Jgroff, Redhat 3 Groff, Jgroff, Linux 2026-04-16 N/A
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
CVE-2026-3429 2 Keycloak, Redhat 5 Keycloak, Build Keycloak, Jboss Enterprise Application Platform and 2 more 2026-04-15 4.2 Medium
A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication.
CVE-2026-2366 2 Keycloak, Redhat 2 Keycloak, Build Keycloak 2026-04-15 3.1 Low
A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim's unique identifier (UUID) and the Organizations feature is enabled.