Filtered by vendor Redhat Subscriptions
Filtered by product Linux Subscriptions
Total 700 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2004-0904 4 Conectiva, Mozilla, Netscape and 1 more 10 Linux, Firefox, Mozilla and 7 more 2024-11-21 N/A
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
CVE-2004-0903 4 Conectiva, Mozilla, Redhat and 1 more 9 Linux, Mozilla, Thunderbird and 6 more 2024-11-21 N/A
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
CVE-2004-0902 4 Conectiva, Mozilla, Redhat and 1 more 9 Linux, Mozilla, Thunderbird and 6 more 2024-11-21 N/A
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.
CVE-2004-0619 1 Redhat 4 Enterprise Linux, Fedora Core, Kernel and 1 more 2024-11-21 N/A
Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow.
CVE-2004-0421 4 Libpng, Openpkg, Redhat and 1 more 7 Libpng, Openpkg, Enterprise Linux and 4 more 2024-11-21 N/A
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
CVE-2004-0409 2 Redhat, Xchat 3 Enterprise Linux, Linux, Xchat 2024-11-21 N/A
Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 to 2.0.8, with socks5 traversal enabled, allows remote attackers to execute arbitrary code.
CVE-2004-0405 2 Cvs, Redhat 3 Cvs, Enterprise Linux, Linux 2024-11-21 N/A
CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.
CVE-2004-0367 2 Ethereal Group, Redhat 3 Ethereal, Enterprise Linux, Linux 2024-11-21 N/A
Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector.
CVE-2004-0365 2 Ethereal, Redhat 3 Ethereal, Enterprise Linux, Linux 2024-11-21 7.5 High
The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.
CVE-2004-0235 8 Clearswift, F-secure, Rarlab and 5 more 15 Mailsweeper, F-secure Anti-virus, F-secure For Firewalls and 12 more 2024-11-21 N/A
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
CVE-2004-0234 8 Clearswift, F-secure, Rarlab and 5 more 15 Mailsweeper, F-secure Anti-virus, F-secure For Firewalls and 12 more 2024-11-21 N/A
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.
CVE-2004-0233 4 Redhat, Sgi, Slackware and 1 more 5 Enterprise Linux, Linux, Propack and 2 more 2024-11-21 N/A
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
CVE-2004-0232 5 Gentoo, Midnight Commander, Redhat and 2 more 6 Linux, Midnight Commander, Enterprise Linux and 3 more 2024-11-21 N/A
Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
CVE-2004-0231 5 Gentoo, Midnight Commander, Redhat and 2 more 6 Linux, Midnight Commander, Enterprise Linux and 3 more 2024-11-21 N/A
Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."
CVE-2004-0226 5 Gentoo, Midnight Commander, Redhat and 2 more 6 Linux, Midnight Commander, Enterprise Linux and 3 more 2024-11-21 N/A
Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
CVE-2004-0217 2 Redhat, Symantec 2 Linux, Antivirus Scan Engine 2024-11-21 7.0 High
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.
CVE-2004-0191 2 Mozilla, Redhat 3 Mozilla, Enterprise Linux, Linux 2024-11-21 N/A
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.
CVE-2004-0189 2 Redhat, Squid 3 Enterprise Linux, Linux, Squid 2024-11-21 N/A
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
CVE-2004-0180 2 Cvs, Redhat 3 Cvs, Enterprise Linux, Linux 2024-11-21 N/A
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.
CVE-2004-0179 4 Apache, Debian, Redhat and 1 more 7 Openoffice, Subversion, Debian Linux and 4 more 2024-11-21 N/A
Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.