OVAL Definitions - Class: Vulnerability

Filter: Compliance Inventory Patch Vulnerability All
Title Definition Id Class Family
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges an... oval:org.mitre.oval:def:10136 Vulnerability unix
The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier fo... oval:org.mitre.oval:def:10355 Vulnerability unix
The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of ... oval:org.mitre.oval:def:16677 Vulnerability windows
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to ... oval:org.mitre.oval:def:11452 Vulnerability unix
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverr... oval:org.mitre.oval:def:11094 Vulnerability unix
The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows does not prevent access to un... oval:org.mitre.oval:def:24569 Vulnerability windows
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) att... oval:org.mitre.oval:def:9782 Vulnerability unix
The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x befor... oval:org.mitre.oval:def:9449 Vulnerability unix
The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly ot... oval:org.mitre.oval:def:14163 Vulnerability windows
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers ... oval:org.mitre.oval:def:10968 Vulnerability unix
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memor... oval:org.mitre.oval:def:10605 Vulnerability unix
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does... oval:org.mitre.oval:def:9935 Vulnerability unix
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0... oval:org.mitre.oval:def:10981 Vulnerability unix
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63... oval:org.mitre.oval:def:9577 Vulnerability unix
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MP... oval:org.mitre.oval:def:10358 Vulnerability unix
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit... oval:org.mitre.oval:def:11376 Vulnerability unix
The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to caus... oval:org.mitre.oval:def:17023 Vulnerability windows
The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Playe... oval:org.mitre.oval:def:23776 Vulnerability windows
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4... oval:org.mitre.oval:def:16701 Vulnerability windows
The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 befor... oval:org.mitre.oval:def:11079 Vulnerability unix
The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote a... oval:org.mitre.oval:def:10014 Vulnerability unix
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerbero... oval:org.mitre.oval:def:10694 Vulnerability unix
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid... oval:org.mitre.oval:def:10198 Vulnerability unix
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote att... oval:org.mitre.oval:def:10931 Vulnerability unix
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command E... oval:org.mitre.oval:def:9891 Vulnerability unix
The atm module in Linux kernel 2.6 before 2.6.14 allows local users to cause a denial of service (panic) via certain soc... oval:org.mitre.oval:def:10214 Vulnerability unix
The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4 may allow local users to trigge... oval:org.mitre.oval:def:10095 Vulnerability unix
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows... oval:org.mitre.oval:def:9475 Vulnerability unix
The Audio Security File is world writable. oval:org.mitre.oval:def:5052 Vulnerability unix
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Upd... oval:org.mitre.oval:def:11326 Vulnerability unix

OVAL Definitions By Referenced Objects

How does it work?   User agreement and privacy statement   About & Contact
CVE is a registred trademark of the MITRE Corporation and the authoritive source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritive source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritive source of OVAL content is MITRE's OVAL web site.
Warning: This site and all data are provided as is. It is not guaranteed that all information is accurate and complete. Use any information provided on this site at your own risk. By using this site you accept that you know that these data are provided as is and not guaranteed to be accurate, correct or complete. All trademarks appearing on this site are the property of their respective owners in the US or other countries. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss. PLEASE SEE nvd.nist.gov and oval.mitre.org for more details about OVAL language and definitions.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor/web site owner/maintainer be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Use of OVAL and all related data is subject to terms of use defined by Mitre at http://oval.mitre.org/oval/about/termsofuse.html