Search Results (16514 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-2443 3 Gnome, Red Hat, Redhat 3 Libsoup, Enterprise Linux, Enterprise Linux 2026-04-16 5.3 Medium
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.
CVE-2026-3234 2 Apache, Redhat 3 Mod Proxy Cluster, Enterprise Linux, Jboss Core Services 2026-04-16 4.3 Medium
A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoint responses. Exploitation requires network access to the MCMP protocol port, but no authentication is needed.
CVE-2026-3632 3 Gnome, Libsoup, Redhat 3 Libsoup, Libsoup, Enterprise Linux 2026-04-16 3.9 Low
A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where they can send hidden, malicious requests alongside legitimate ones. In certain situations, this could lead to Server-Side Request Forgery (SSRF), enabling an attacker to force the server to make unauthorized requests to other internal or external systems. The impact is low, as SoupServer is not actually used in internet infrastructure.
CVE-2026-2272 2 Gimp, Redhat 2 Gimp, Enterprise Linux 2026-04-16 4.3 Medium
A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote attacker could exploit this by providing a specially crafted ICO file, leading to a buffer overflow and memory corruption, which may result in an application level denial of service.
CVE-2005-4872 2 Pcre, Redhat 2 Pcre, Enterprise Linux 2026-04-16 N/A
Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
CVE-2004-1005 6 Debian, Gentoo, Midnight Commander and 3 more 8 Debian Linux, Linux, Midnight Commander and 5 more 2026-04-16 N/A
Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
CVE-2005-4837 3 Net-snmp, Redhat, Sourceforge 3 Net-snmp, Enterprise Linux, Net-snmp 2026-04-16 N/A
snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.
CVE-2005-4811 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and 2.6.13, in certain configurations, allows local users to cause a denial of service (crash) by triggering an mmap error before a prefault, which causes an error in the unmap_hugepage_area function.
CVE-2004-1004 6 Debian, Gentoo, Midnight Commander and 3 more 8 Debian Linux, Linux, Midnight Commander and 5 more 2026-04-16 N/A
Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
CVE-2003-0856 2 Redhat, Stephen Hemminger 3 Enterprise Linux, Linux, Iproute 2026-04-16 N/A
iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface.
CVE-2005-4798 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to 2.4.31 allows remote NFS servers to cause a denial of service (crash) via a long symlink, which is not properly handled in (1) nfs2xdr.c or (2) nfs3xdr.c and causes a crash in the NFS client.
CVE-2005-4744 2 Freeradius, Redhat 2 Freeradius, Enterprise Linux 2026-04-16 N/A
Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.
CVE-2004-1026 3 Enlightenment, Gentoo, Redhat 4 Imlib, Linux, Enterprise Linux and 1 more 2026-04-16 N/A
Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
CVE-2005-4667 2 Info-zip, Redhat 2 Unzip, Enterprise Linux 2026-04-16 N/A
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
CVE-2005-4605 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value.
CVE-2004-0990 6 Gd Graphics Library, Gentoo, Openpkg and 3 more 6 Gdlib, Linux, Openpkg and 3 more 2026-04-16 N/A
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
CVE-2003-0855 2 Charles Kerr, Redhat 3 Pan, Enterprise Linux, Linux 2026-04-16 N/A
Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address.
CVE-2002-1572 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Linux 2026-04-16 N/A
Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors.
CVE-2005-4601 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2026-04-16 N/A
The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.
CVE-2005-4585 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0.10.13 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.