Search Results (23508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1378 2 Fetchmail, Redhat 2 Fetchmail, Linux 2026-04-16 N/A
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.
CVE-2006-3636 2 Gnu, Redhat 2 Mailman, Enterprise Linux 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-0557 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not sanity check the maxnod variable before making certain computations for the get_nodes function, which has unknown impact and attack vectors.
CVE-2006-0558 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local users to cause a denial of service (crash) by interrupting a task while another process is accessing the mm_struct, which triggers a BUG_ON action in the put_page_testzero function.
CVE-2005-3088 2 Fetchmail, Redhat 2 Fetchmail, Enterprise Linux 2026-04-16 N/A
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
CVE-2006-3628 3 Ethereal Group, Redhat, Wireshark 3 Ethereal, Enterprise Linux, Wireshark 2026-04-16 N/A
Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.
CVE-2000-0230 2 Halloween, Redhat 2 Halloween Linux, Linux 2026-04-16 N/A
Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.
CVE-2005-1992 2 Redhat, Yukihiro Matsumoto 2 Enterprise Linux, Ruby 2026-04-16 N/A
The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.
CVE-2004-0113 2 Apache, Redhat 3 Http Server, Enterprise Linux, Linux 2026-04-16 N/A
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
CVE-2004-0097 2 Openh323 Project, Redhat 3 Pwlib, Enterprise Linux, Linux 2026-04-16 N/A
Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
CVE-2000-0229 4 Alessandro Rubini, Debian, Redhat and 1 more 4 Gpm, Debian Linux, Linux and 1 more 2026-04-16 N/A
gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.
CVE-2006-0150 2 Dave Carrigan, Redhat 2 Auth Ldap, Enterprise Linux 2026-04-16 N/A
Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
CVE-2006-0746 2 Redhat, Xpdf 2 Enterprise Linux, Xpdf 2026-04-16 N/A
Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627.
CVE-2000-0118 2 Redhat, Sun 3 Linux, Solaris, Sunos 2026-04-16 N/A
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
CVE-1999-0894 1 Redhat 1 Linux 2026-04-16 N/A
Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.
CVE-2026-3429 2 Keycloak, Redhat 5 Keycloak, Build Keycloak, Jboss Enterprise Application Platform and 2 more 2026-04-15 4.2 Medium
A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication.
CVE-2026-2366 2 Keycloak, Redhat 2 Keycloak, Build Keycloak 2026-04-15 3.1 Low
A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim's unique identifier (UUID) and the Organizations feature is enabled.
CVE-2026-3121 2 Keycloak, Redhat 8 Keycloak, Build Keycloak, Build Of Keycloak and 5 more 2026-04-15 6.5 Medium
A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level.
CVE-2026-2239 2 Gimp, Redhat 2 Gimp, Enterprise Linux 2026-04-15 2.8 Low
A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read when strlen() is subsequently called. Successfully exploiting this vulnerability can cause the application to crash, resulting in an application level Denial of Service.
CVE-2026-1180 1 Redhat 4 Build Keycloak, Jboss Enterprise Application Platform, Jbosseapxp and 1 more 2026-04-15 5.8 Medium
A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the Keycloak server into making HTTP requests to internal or restricted network resources. As a result, attackers can probe internal services and cloud metadata endpoints, creating an information disclosure and reconnaissance risk.