OVAL Definitions - Class: Vulnerability

Filter: Compliance Inventory Patch Vulnerability All
Title Definition Id Class Family
The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which ha... oval:org.mitre.oval:def:10080 Vulnerability unix
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before ... oval:org.mitre.oval:def:10451 Vulnerability unix
The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the ... oval:org.mitre.oval:def:9434 Vulnerability unix
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on... oval:org.mitre.oval:def:9515 Vulnerability unix
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to ... oval:org.mitre.oval:def:11678 Vulnerability unix
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a fram... oval:org.mitre.oval:def:9997 Vulnerability unix
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 ... oval:org.mitre.oval:def:11025 Vulnerability unix
The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled... oval:org.mitre.oval:def:10489 Vulnerability unix
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to c... oval:org.mitre.oval:def:10536 Vulnerability unix
The (1) Password Manager in Mozilla Firefox 2.0, and and earlier; and the (2) Passcard Manager in Netscape 8.1.2... oval:org.mitre.oval:def:10031 Vulnerability unix
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Se... oval:org.mitre.oval:def:10284 Vulnerability unix
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via sym... oval:org.mitre.oval:def:10737 Vulnerability unix
The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a de... oval:org.mitre.oval:def:10099 Vulnerability unix
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2... oval:org.mitre.oval:def:10744 Vulnerability unix
The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service... oval:org.mitre.oval:def:9564 Vulnerability unix
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcS... oval:org.mitre.oval:def:10109 Vulnerability unix
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a sym... oval:org.mitre.oval:def:9402 Vulnerability unix
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and Se... oval:org.mitre.oval:def:24144 Vulnerability windows
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlappi... oval:org.mitre.oval:def:9512 Vulnerability unix
The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Upd... oval:org.mitre.oval:def:10761 Vulnerability unix
The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via... oval:org.mitre.oval:def:11558 Vulnerability unix
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows... oval:org.mitre.oval:def:10376 Vulnerability unix
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13... oval:org.mitre.oval:def:10790 Vulnerability unix
The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and ... oval:org.mitre.oval:def:16411 Vulnerability windows
The ActiveX control in Adobe Flash Player before and 11.x before on Windows allows attackers to ... oval:org.mitre.oval:def:14985 Vulnerability windows
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a p... oval:org.mitre.oval:def:11911 Vulnerability unix
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with ar... oval:org.mitre.oval:def:9250 Vulnerability windows
The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown att... oval:org.mitre.oval:def:9433 Vulnerability unix
The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) via a f... oval:org.mitre.oval:def:9283 Vulnerability unix
The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a... oval:org.mitre.oval:def:11234 Vulnerability unix

OVAL Definitions By Referenced Objects

How does it work?   User agreement and privacy statement   About & Contact
CVE is a registred trademark of the MITRE Corporation and the authoritive source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritive source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritive source of OVAL content is MITRE's OVAL web site.
Warning: This site and all data are provided as is. It is not guaranteed that all information is accurate and complete. Use any information provided on this site at your own risk. By using this site you accept that you know that these data are provided as is and not guaranteed to be accurate, correct or complete. All trademarks appearing on this site are the property of their respective owners in the US or other countries. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss. PLEASE SEE nvd.nist.gov and oval.mitre.org for more details about OVAL language and definitions.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor/web site owner/maintainer be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Use of OVAL and all related data is subject to terms of use defined by Mitre at http://oval.mitre.org/oval/about/termsofuse.html