OVAL Definitions - Class: Vulnerability

Filter: Compliance Inventory Patch Vulnerability All
Title Definition Id Class Family
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote att... oval:org.mitre.oval:def:10631 Vulnerability unix
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and po... oval:org.mitre.oval:def:18034 Vulnerability windows
The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly ... oval:org.mitre.oval:def:9892 Vulnerability unix
The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary co... oval:org.mitre.oval:def:9666 Vulnerability unix
The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cause a denial of service (oops) by using hfsplus to ... oval:org.mitre.oval:def:10777 Vulnerability unix
The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certai... oval:org.mitre.oval:def:11635 Vulnerability unix
The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial... oval:org.mitre.oval:def:10636 Vulnerability unix
The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of se... oval:org.mitre.oval:def:9653 Vulnerability unix
The HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which ... oval:org.mitre.oval:def:14479 Vulnerability windows
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) ... oval:org.mitre.oval:def:10212 Vulnerability unix
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled,... oval:org.mitre.oval:def:10254 Vulnerability unix
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Sh... oval:org.mitre.oval:def:10005 Vulnerability unix
The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application c... oval:org.mitre.oval:def:9473 Vulnerability unix
The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and ... oval:org.mitre.oval:def:11005 Vulnerability unix
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (... oval:org.mitre.oval:def:11100 Vulnerability unix
The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (c... oval:org.mitre.oval:def:17033 Vulnerability windows
The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before ... oval:org.mitre.oval:def:16820 Vulnerability windows
The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and 2.6.13, in certain configurations, allows local u... oval:org.mitre.oval:def:10976 Vulnerability unix
The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and p... oval:org.mitre.oval:def:10313 Vulnerability unix
The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names oval:org.mitre.oval:def:15746 Vulnerability windows
The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird... oval:org.mitre.oval:def:16955 Vulnerability windows
The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/dr... oval:org.mitre.oval:def:11542 Vulnerability unix
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64... oval:org.mitre.oval:def:9735 Vulnerability unix
The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting st... oval:org.mitre.oval:def:9687 Vulnerability unix
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT r... oval:org.mitre.oval:def:10215 Vulnerability unix
the ied(1) command reveals data improperly. oval:org.mitre.oval:def:5311 Vulnerability unix
The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x... oval:org.mitre.oval:def:19193 Vulnerability windows
The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failur... oval:org.mitre.oval:def:14079 Vulnerability windows
The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unsp... oval:org.mitre.oval:def:15455 Vulnerability windows
The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x be... oval:org.mitre.oval:def:14458 Vulnerability windows

OVAL Definitions By Referenced Objects

How does it work?   User agreement and privacy statement   About & Contact
CVE is a registred trademark of the MITRE Corporation and the authoritive source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritive source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritive source of OVAL content is MITRE's OVAL web site.
Warning: This site and all data are provided as is. It is not guaranteed that all information is accurate and complete. Use any information provided on this site at your own risk. By using this site you accept that you know that these data are provided as is and not guaranteed to be accurate, correct or complete. All trademarks appearing on this site are the property of their respective owners in the US or other countries. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss. PLEASE SEE nvd.nist.gov and oval.mitre.org for more details about OVAL language and definitions.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor/web site owner/maintainer be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Use of OVAL and all related data is subject to terms of use defined by Mitre at http://oval.mitre.org/oval/about/termsofuse.html