OVAL Definitions - Family: unix

Filter: Compliance Inventory Patch Vulnerability All
Title Definition Id Class Family
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop... oval:org.mitre.oval:def:10732 Vulnerability unix
The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perf... oval:org.mitre.oval:def:11556 Vulnerability unix
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval... oval:org.mitre.oval:def:9807 Vulnerability unix
The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0... oval:org.mitre.oval:def:11530 Vulnerability unix
The Samba smbd service should be enabled or disabled as approriate oval:gov.irs.sol10:def:21 Compliance unix
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow us... oval:org.mitre.oval:def:9876 Vulnerability unix
The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for t... oval:org.mitre.oval:def:9364 Vulnerability unix
The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to... oval:org.mitre.oval:def:11816 Vulnerability unix
The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of s... oval:org.mitre.oval:def:11378 Vulnerability unix
The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinit... oval:org.mitre.oval:def:10373 Vulnerability unix
The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.... oval:org.mitre.oval:def:10116 Vulnerability unix
The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is e... oval:org.mitre.oval:def:11416 Vulnerability unix
The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause... oval:org.mitre.oval:def:11160 Vulnerability unix
The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return cod... oval:org.mitre.oval:def:10649 Vulnerability unix
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an en... oval:org.mitre.oval:def:10580 Vulnerability unix
The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_c... oval:org.mitre.oval:def:10193 Vulnerability unix
The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the ... oval:org.mitre.oval:def:10102 Vulnerability unix
The sendmail services should be enabled or disabled as appropriate. oval:gov.irs.sol10:def:5 Compliance unix
The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local user... oval:org.mitre.oval:def:9311 Vulnerability unix
The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to viola... oval:org.mitre.oval:def:10943 Vulnerability unix
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert a... oval:org.mitre.oval:def:9792 Vulnerability unix
The setroubleshoot package should not be installed oval:gov.irs.rhel5:def:79 Compliance unix
The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-depend... oval:org.mitre.oval:def:10626 Vulnerability unix
The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote... oval:org.mitre.oval:def:10572 Vulnerability unix
The SharedX program recserv is vulnerable to a denial of service attack. oval:org.mitre.oval:def:5752 Vulnerability unix
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary ... oval:org.mitre.oval:def:10754 Vulnerability unix
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary ... oval:org.mitre.oval:def:10246 Vulnerability unix
The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could c... oval:org.mitre.oval:def:8778 Vulnerability unix
The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory i... oval:org.mitre.oval:def:8920 Vulnerability unix
The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argum... oval:org.mitre.oval:def:10400 Vulnerability unix

OVAL Definitions By Referenced Objects

How does it work?   User agreement and privacy statement   About & Contact
CVE is a registred trademark of the MITRE Corporation and the authoritive source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritive source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritive source of OVAL content is MITRE's OVAL web site.
Warning: This site and all data are provided as is. It is not guaranteed that all information is accurate and complete. Use any information provided on this site at your own risk. By using this site you accept that you know that these data are provided as is and not guaranteed to be accurate, correct or complete. All trademarks appearing on this site are the property of their respective owners in the US or other countries. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss. PLEASE SEE nvd.nist.gov and oval.mitre.org for more details about OVAL language and definitions.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor/web site owner/maintainer be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Use of OVAL and all related data is subject to terms of use defined by Mitre at http://oval.mitre.org/oval/about/termsofuse.html