OVAL Definitions - Class: Vulnerability

Filter: Compliance Inventory Patch Vulnerability All
Title Definition Id Class Family
The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 ... oval:org.mitre.oval:def:10510 Vulnerability unix
The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascri... oval:org.mitre.oval:def:10279 Vulnerability unix
The PLUGINSPAGE functionality in Mozilla Firefox before allows remote user-assisted attackers to execute privile... oval:org.mitre.oval:def:9768 Vulnerability unix
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before... oval:org.mitre.oval:def:11171 Vulnerability unix
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other application... oval:org.mitre.oval:def:10316 Vulnerability unix
The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (applicati... oval:org.mitre.oval:def:10203 Vulnerability unix
The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to ca... oval:org.mitre.oval:def:10094 Vulnerability unix
The poll_mode_io file for the megaraid_sas driver in the Linux kernel and earlier has world-writable permission... oval:org.mitre.oval:def:10310 Vulnerability unix
The popup blocker in Mozilla Firefox before opens the "blocked popups" display in the context of the Location ba... oval:org.mitre.oval:def:10650 Vulnerability unix
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) ... oval:org.mitre.oval:def:11710 Vulnerability unix
The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17... oval:org.mitre.oval:def:17405 Vulnerability windows
The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial... oval:org.mitre.oval:def:9989 Vulnerability unix
The print_fatal_signal function in kernel/signal.c in the Linux kernel before on the i386 platform, when print-... oval:org.mitre.oval:def:10550 Vulnerability unix
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain p... oval:org.mitre.oval:def:11291 Vulnerability unix
The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other ve... oval:org.mitre.oval:def:10831 Vulnerability unix
The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows... oval:org.mitre.oval:def:10344 Vulnerability unix
The procfs code (proc_misc.c) in Linux and other versions before 2.6.15 allows attackers to read sensitive kern... oval:org.mitre.oval:def:11747 Vulnerability unix
The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-depend... oval:org.mitre.oval:def:11754 Vulnerability unix
The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-... oval:org.mitre.oval:def:16427 Vulnerability windows
The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almo... oval:org.mitre.oval:def:14466 Vulnerability windows
The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute ... oval:org.mitre.oval:def:25000 Vulnerability windows
The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4... oval:org.mitre.oval:def:14067 Vulnerability windows
The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allo... oval:org.mitre.oval:def:13781 Vulnerability ios
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and ... oval:org.mitre.oval:def:9359 Vulnerability unix
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and ... oval:org.mitre.oval:def:10263 Vulnerability unix
The ptrace call in the Linux kernel and 2.6.10 for the AMD64 platform allows local users to cause a denial of se... oval:org.mitre.oval:def:10630 Vulnerability unix
The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution ... oval:org.mitre.oval:def:8680 Vulnerability unix
The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows does not correctly consider... oval:org.mitre.oval:def:26311 Vulnerability windows
The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, ... oval:org.mitre.oval:def:10829 Vulnerability unix
The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-vir... oval:org.mitre.oval:def:9466 Vulnerability unix

OVAL Definitions By Referenced Objects

How does it work?   User agreement and privacy statement   About & Contact
CVE is a registred trademark of the MITRE Corporation and the authoritive source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritive source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritive source of OVAL content is MITRE's OVAL web site.
Warning: This site and all data are provided as is. It is not guaranteed that all information is accurate and complete. Use any information provided on this site at your own risk. By using this site you accept that you know that these data are provided as is and not guaranteed to be accurate, correct or complete. All trademarks appearing on this site are the property of their respective owners in the US or other countries. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss. PLEASE SEE nvd.nist.gov and oval.mitre.org for more details about OVAL language and definitions.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor/web site owner/maintainer be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Use of OVAL and all related data is subject to terms of use defined by Mitre at http://oval.mitre.org/oval/about/termsofuse.html