Browse

OVAL Objects OVAL Sources By Release Dates

OVAL Definitions

Windows Compliance Inventory Patches Vulnerabilities Unix/Linux Compliance Inventory Patches Vulnerabilities Red Hat Advisories Suse Linux Advisories IOS PixOS

OVAL Classes

Compliance Inventory Miscellaneous Patch Vulnerability

Other

Feedback About & Contact

OVAL Definitions - Class: Vulnerability

Filter: Compliance Inventory Patch Vulnerability All
Title Definition Id Class Family
The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an... oval:org.mitre.oval:def:9467 Vulnerability unix
The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handl... oval:org.mitre.oval:def:9600 Vulnerability unix
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 all... oval:org.mitre.oval:def:22047 Vulnerability windows
The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes with ptrace attached, which leads ... oval:org.mitre.oval:def:9080 Vulnerability unix
The AutoFill feature in Apple Safari before 5.0.1 oval:org.mitre.oval:def:11112 Vulnerability windows
The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values oval:org.mitre.oval:def:15256 Vulnerability windows
The autofill implementation in Google Chrome before 20.0.1132.43 does not properly display text oval:org.mitre.oval:def:15565 Vulnerability windows
The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, ... oval:org.mitre.oval:def:17061 Vulnerability windows
The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 and earlier, when running on the AMD780V chip set... oval:org.mitre.oval:def:10027 Vulnerability unix
The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buf... oval:org.mitre.oval:def:11189 Vulnerability unix
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi... oval:org.mitre.oval:def:10181 Vulnerability unix
The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, wh... oval:org.mitre.oval:def:14595 Vulnerability windows
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (cras... oval:org.mitre.oval:def:10748 Vulnerability unix
The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via... oval:org.mitre.oval:def:9665 Vulnerability unix
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function... oval:org.mitre.oval:def:11148 Vulnerability unix
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows con... oval:org.mitre.oval:def:10613 Vulnerability unix
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a den... oval:org.mitre.oval:def:9780 Vulnerability unix
The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial ... oval:org.mitre.oval:def:9751 Vulnerability unix
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle... oval:org.mitre.oval:def:9917 Vulnerability unix
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interprete... oval:org.mitre.oval:def:11195 Vulnerability unix
The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated... oval:org.mitre.oval:def:9720 Vulnerability unix
The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey befo... oval:org.mitre.oval:def:9865 Vulnerability unix
The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list oval:org.mitre.oval:def:19030 Vulnerability windows
The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of ... oval:org.mitre.oval:def:9488 Vulnerability unix
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5... oval:org.mitre.oval:def:11719 Vulnerability unix
The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java R... oval:org.mitre.oval:def:10800 Vulnerability unix
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a deni... oval:org.mitre.oval:def:10585 Vulnerability unix
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomer... oval:org.mitre.oval:def:9984 Vulnerability unix
The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird befor... oval:org.mitre.oval:def:9835 Vulnerability unix
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonke... oval:org.mitre.oval:def:9590 Vulnerability unix

OVAL Definitions By Referenced Objects

Windows

Linux

Unix

Solaris

AIX:

Other:

HP UX:

ESX:

IOS:

How does it work?   User agreement and privacy statement   About & Contact
CVE is a registred trademark of the MITRE Corporation and the authoritive source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritive source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritive source of OVAL content is MITRE's OVAL web site.
Warning: This site and all data are provided as is. It is not guaranteed that all information is accurate and complete. Use any information provided on this site at your own risk. By using this site you accept that you know that these data are provided as is and not guaranteed to be accurate, correct or complete. All trademarks appearing on this site are the property of their respective owners in the US or other countries. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss. PLEASE SEE nvd.nist.gov and oval.mitre.org for more details about OVAL language and definitions.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor/web site owner/maintainer be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Use of OVAL and all related data is subject to terms of use defined by Mitre at http://oval.mitre.org/oval/about/termsofuse.html