OVAL Definitions - Source: Mitre

Filter: Compliance Inventory Patch Vulnerability All
Title Definition Id Class Family
The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on ... oval:org.mitre.oval:def:15658 Vulnerability windows
The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote at... oval:org.mitre.oval:def:16970 Vulnerability windows
The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of servic... oval:org.mitre.oval:def:14219 Vulnerability windows
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local ... oval:org.mitre.oval:def:11021 Vulnerability unix
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users ... oval:org.mitre.oval:def:11196 Vulnerability unix
The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before ... oval:org.mitre.oval:def:16672 Vulnerability windows
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to... oval:org.mitre.oval:def:9663 Vulnerability unix
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to... oval:org.mitre.oval:def:10740 Vulnerability unix
The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, ... oval:org.mitre.oval:def:10886 Vulnerability unix
The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial... oval:org.mitre.oval:def:10216 Vulnerability unix
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows l... oval:org.mitre.oval:def:11136 Vulnerability unix
The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, wh... oval:org.mitre.oval:def:9163 Vulnerability unix
The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kerne... oval:org.mitre.oval:def:10934 Vulnerability unix
The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.... oval:org.mitre.oval:def:11068 Vulnerability unix
The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, w... oval:org.mitre.oval:def:10793 Vulnerability unix
The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, ... oval:org.mitre.oval:def:16894 Vulnerability windows
The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to cause a denial of service (crash) via a crafted E... oval:org.mitre.oval:def:10123 Vulnerability unix
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.... oval:org.mitre.oval:def:10909 Vulnerability unix
The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified nam... oval:org.mitre.oval:def:9443 Vulnerability unix
The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf... oval:org.mitre.oval:def:14707 Vulnerability windows
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell m... oval:org.mitre.oval:def:9658 Vulnerability unix
The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux k... oval:org.mitre.oval:def:10852 Vulnerability unix
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "... oval:org.mitre.oval:def:10256 Vulnerability unix
The ESPN App (Windows Store App) is installed oval:org.mitre.oval:def:18108 Inventory windows
The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating ... oval:org.mitre.oval:def:10639 Vulnerability unix
The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.... oval:org.mitre.oval:def:15995 Vulnerability windows
The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and ... oval:org.mitre.oval:def:14512 Vulnerability windows
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current-clear_chil... oval:org.mitre.oval:def:9766 Vulnerability unix
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service... oval:org.mitre.oval:def:10695 Vulnerability unix
The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service ... oval:org.mitre.oval:def:11032 Vulnerability unix

OVAL Definitions By Referenced Objects

How does it work?   User agreement and privacy statement   About & Contact
CVE is a registred trademark of the MITRE Corporation and the authoritive source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritive source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritive source of OVAL content is MITRE's OVAL web site.
Warning: This site and all data are provided as is. It is not guaranteed that all information is accurate and complete. Use any information provided on this site at your own risk. By using this site you accept that you know that these data are provided as is and not guaranteed to be accurate, correct or complete. All trademarks appearing on this site are the property of their respective owners in the US or other countries. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss. PLEASE SEE nvd.nist.gov and oval.mitre.org for more details about OVAL language and definitions.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor/web site owner/maintainer be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Use of OVAL and all related data is subject to terms of use defined by Mitre at http://oval.mitre.org/oval/about/termsofuse.html