OVAL Definitions - Family: unix

Title | Definition Id | Class | Family
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.... | oval:org.mitre.oval:def:10909 | Vulnerability | unix
The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified nam... | oval:org.mitre.oval:def:9443 | Vulnerability | unix
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell m... | oval:org.mitre.oval:def:9658 | Vulnerability | unix
The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux k... | oval:org.mitre.oval:def:10852 | Vulnerability | unix
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "... | oval:org.mitre.oval:def:10256 | Vulnerability | unix
The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating ... | oval:org.mitre.oval:def:10639 | Vulnerability | unix
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current-clear_chil... | oval:org.mitre.oval:def:9766 | Vulnerability | unix
The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service ... | oval:org.mitre.oval:def:11032 | Vulnerability | unix
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service... | oval:org.mitre.oval:def:10695 | Vulnerability | unix
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the ... | oval:org.mitre.oval:def:11206 | Vulnerability | unix
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav... | oval:org.mitre.oval:def:10270 | Vulnerability | unix
The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stre... | oval:org.mitre.oval:def:10006 | Vulnerability | unix
The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an infor... | oval:org.mitre.oval:def:10556 | Vulnerability | unix
The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 st... | oval:org.mitre.oval:def:10992 | Vulnerability | unix
The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-a... | oval:org.mitre.oval:def:11103 | Vulnerability | unix
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote a... | oval:org.mitre.oval:def:9874 | Vulnerability | unix
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 d... | oval:org.mitre.oval:def:10683 | Vulnerability | unix
The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 d... | oval:org.mitre.oval:def:10942 | Vulnerability | unix
The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses th... | oval:org.mitre.oval:def:9200 | Vulnerability | unix
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbi... | oval:org.mitre.oval:def:10655 | Vulnerability | unix
The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticate... | oval:org.mitre.oval:def:10112 | Vulnerability | unix
The fib_seq_start function in fib_hash.c in Linux kernel allows local users to cause a denial of service (system crash) ... | oval:org.mitre.oval:def:9487 | Vulnerability | unix
The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9... | oval:org.mitre.oval:def:9560 | Vulnerability | unix
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permiss... | oval:org.mitre.oval:def:11128 | Vulnerability | unix
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netsc... | oval:org.mitre.oval:def:11706 | Vulnerability | unix
The find_target function in ptrace32.c in the Linux kernel 2.4.x before 2.4.29 does not properly handle a NULL return va... | oval:org.mitre.oval:def:9647 | Vulnerability | unix
The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of se... | oval:org.mitre.oval:def:9799 | Vulnerability | unix
The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and S... | oval:org.mitre.oval:def:9763 | Vulnerability | unix
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly ot... | oval:org.mitre.oval:def:10996 | Vulnerability | unix
The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier version... | oval:org.mitre.oval:def:11208 | Vulnerability | unix
