OVALdb logo

Professional OVAL Repository

Skip Navigation LinksCategories > Latest Updates
Date Range
v
Class
v
Namespace
v
Search

New Definitions:
Page 1 of 20 (769 items)Prev1234567181920Next
OVALid 
Version 
Class 
Title 
Created 
[Condition]
[Condition]
xv
[Condition]
xv
[Condition]
oval:ru.altx-soft.win:def:474781inventoryMySQL Workbench is installed4/25/2017
oval:com.altx-soft.win:def:474771vulnerabilityVulnerability in MySQL Workbench 6.3.8 and earlier (CVE-2017-3469)4/25/2017
oval:com.altx-soft.win:def:474761vulnerabilityVulnerability in MySQL Enterprise Monitor 3.1.6.8003 and earlier, 3.2.1182 and earlier and 3.3.2.1162 and earlier (CVE-2017-3307)4/25/2017
oval:com.altx-soft.win:def:474751vulnerabilityVulnerability in MySQL Enterprise Monitor 3.1.6.8003 and earlier, 3.2.1182 and earlier and 3.3.2.1162 and earlier (CVE-2017-3306)4/25/2017
oval:com.altx-soft.win:def:474741vulnerabilityVulnerability in MySQL Cluster 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5 and earlier (CVE-2017-3304)4/25/2017
oval:ru.altx-soft.win:def:474731vulnerabilityЦелочисленное переполнение в Google Chrome до 57.0.2987.98 (CVE-2017-5051)4/25/2017
oval:ru.altx-soft.win:def:474721vulnerabilityЦелочисленное переполнение в Google Chrome до 57.0.2987.98 (CVE-2017-5050)4/25/2017
oval:ru.altx-soft.win:def:474711vulnerabilityЦелочисленное переполнение в Google Chrome до 57.0.2987.98 (CVE-2017-5049)4/25/2017
oval:ru.altx-soft.win:def:474701vulnerabilityЦелочисленное переполнение в Google Chrome до 57.0.2987.98 (CVE-2017-5048)4/25/2017
oval:ru.altx-soft.win:def:474691vulnerabilityЦелочисленное переполнение в Google Chrome до 57.0.2987.98 (CVE-2017-5047)4/25/2017
oval:ru.altx-soft.win:def:474681vulnerabilityУязвимость в Oracle Berkeley DB до 6.2.32 (CVE-2017-3617)4/25/2017
oval:ru.altx-soft.win:def:474671vulnerabilityУязвимость в Oracle Berkeley DB до 6.2.32 (CVE-2017-3616)4/25/2017
oval:ru.altx-soft.win:def:474661vulnerabilityУязвимость в Oracle Berkeley DB до 6.2.32 (CVE-2017-3615)4/25/2017
oval:ru.altx-soft.win:def:474651vulnerabilityУязвимость в Oracle Berkeley DB до 6.2.32 (CVE-2017-3614)4/25/2017
oval:ru.altx-soft.win:def:474641vulnerabilityУязвимость в Oracle Berkeley DB до 6.2.32 (CVE-2017-3613)4/25/2017
oval:ru.altx-soft.win:def:474631vulnerabilityУязвимость в Oracle Berkeley DB до 6.2.32 (CVE-2017-3612)4/25/2017
oval:ru.altx-soft.win:def:474621vulnerabilityУязвимость в Oracle Berkeley DB до 6.2.32 (CVE-2017-3611)4/25/2017
oval:ru.altx-soft.win:def:474611vulnerabilityУязвимость в Oracle Berkeley DB до 6.2.32 (CVE-2017-3610)4/25/2017
oval:ru.altx-soft.win:def:474601vulnerabilityУязвимость в Oracle Berkeley DB до 6.2.32 (CVE-2017-3609)4/25/2017
oval:ru.altx-soft.win:def:474591vulnerabilityУязвимость в Oracle Berkeley DB до 6.2.32 (CVE-2017-3608)4/25/2017
oval:ru.altx-soft.win:def:474581vulnerabilityУязвимость в Oracle Berkeley DB до 6.2.32 (CVE-2017-3607)4/25/2017
oval:ru.altx-soft.win:def:474571vulnerabilityУязвимость в Oracle Berkeley DB до 6.2.32 (CVE-2017-3606)4/25/2017
oval:ru.altx-soft.win:def:474561vulnerabilityУязвимость в Oracle Berkeley DB до 6.2.32 (CVE-2017-3605)4/25/2017
oval:ru.altx-soft.win:def:474551vulnerabilityУязвимость в Oracle Berkeley DB до 6.2.32 (CVE-2017-3604)4/25/2017
oval:ru.altx-soft.win:def:474541vulnerabilityУязвимость в Oracle MySQL Server 5.5.54 и ниже, 5.6.35 и ниже и 5.7.17 и ниже (CVE-2017-3600)4/25/2017
oval:ru.altx-soft.win:def:474531vulnerabilityУязвимость в Oracle MySQL Server 5.6.35 и ниже и 5.7.17 и ниже (CVE-2017-3599)4/25/2017
oval:ru.altx-soft.win:def:474521vulnerabilityУязвимость в Oracle MySQL 5.1.41 и ниже (CVE-2017-3589)4/25/2017
oval:ru.altx-soft.win:def:474511vulnerabilityУязвимость в Oracle VM VirtualBox до 5.0.38 и до 5.1.20 (CVE-2017-3587)4/25/2017
oval:ru.altx-soft.win:def:474501vulnerabilityУязвимость в Oracle MySQL 5.1.41 и ниже (CVE-2017-3586)4/25/2017
oval:ru.altx-soft.win:def:474491vulnerabilityУязвимость в Oracle VM VirtualBox до 5.0.38 и до 5.1.20 (CVE-2017-3576)4/25/2017
oval:ru.altx-soft.win:def:474481vulnerabilityУязвимость в Oracle VM VirtualBox до 5.0.38 и до 5.1.20 (CVE-2017-3575)4/25/2017
oval:ru.altx-soft.win:def:474471vulnerabilityУязвимость в Oracle Database Server 11.2.0.4 и 12.1.0.2 (CVE-2017-3567)4/25/2017
oval:ru.altx-soft.win:def:474461vulnerabilityУязвимость в Oracle VM VirtualBox до 5.0.38 и до 5.1.20 (CVE-2017-3563)4/25/2017
oval:ru.altx-soft.win:def:474451vulnerabilityУязвимость в Oracle VM VirtualBox до 5.0.38 и до 5.1.20 (CVE-2017-3561)4/25/2017
oval:ru.altx-soft.win:def:474441vulnerabilityУязвимость в Oracle VM VirtualBox до 5.0.38 и до 5.1.20 (CVE-2017-3559)4/25/2017
oval:ru.altx-soft.win:def:474431vulnerabilityУязвимость в Oracle VM VirtualBox до 5.0.38 и до 5.1.20 (CVE-2017-3558)4/25/2017
oval:ru.altx-soft.win:def:474421vulnerabilityУязвимость в Oracle PeopleSoft PeopleTools 8.54 и 8.55 (CVE-2017-3548)4/25/2017
oval:ru.altx-soft.win:def:474411vulnerabilityУязвимость в Oracle PeopleSoft PeopleTools 8.54 и 8.55 (CVE-2017-3547)4/25/2017
oval:ru.altx-soft.win:def:474401vulnerabilityУязвимость в Oracle PeopleSoft PeopleTools 8.54 и 8.55 (CVE-2017-3546)4/25/2017
oval:ru.altx-soft.win:def:474391vulnerabilityУязвимость в Oracle Java SE 6u141, 7u131 и 8u121 (CVE-2017-3544)4/25/2017
Page 1 of 20 (769 items)Prev1234567181920Next


Modified Definitions:
Page 1 of 230 (9179 items)Prev1234567228229230Next
OVALid 
Version 
Class 
Title 
Updated 
[Condition]
[Condition]
xv
[Condition]
xv
[Condition]
oval:org.cisecurity:def:21722vulnerabilityBuffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 – CVE-2017-72694/23/2017
oval:org.cisecurity:def:21713vulnerabilityWindows OLE Elevation of Privilege Vulnerability – CVE-2017-02114/23/2017
oval:org.cisecurity:def:21703vulnerabilityWin32k Information Disclosure Vulnerability – CVE-2017-00584/23/2017
oval:org.cisecurity:def:21693vulnerabilityWin32k Elevation of Privilege Vulnerability – CVE-2017-01894/23/2017
oval:org.cisecurity:def:21682vulnerabilityMicrosoft Office Security Feature Bypass Vulnerability – CVE-2017-02044/23/2017
oval:org.cisecurity:def:21653vulnerabilityWindows Graphics Component Elevation of Privilege Vulnerability – CVE-2017-01564/23/2017
oval:org.cisecurity:def:21642vulnerabilityMicrosoft Outlook Remote Code Execution Vulnerability – CVE-2017-01064/23/2017
oval:org.cisecurity:def:21633vulnerabilityWindows Graphics Elevation of Privilege Vulnerability – CVE-2017-01554/23/2017
oval:org.cisecurity:def:21623vulnerabilityWin32k Information Disclosure Vulnerability – CVE-2017-01884/23/2017
oval:org.cisecurity:def:21613vulnerabilityWindows Kernel Information Disclosure Vulnerability – CVE-2017-01674/23/2017
oval:org.cisecurity:def:21672inventoryMicrosoft Outlook 2013 SP1 is installed4/23/2017
oval:org.cisecurity:def:21662inventoryMicrosoft Outlook 2016 is installed4/23/2017
oval:org.mitre.oval:def:999914vulnerabilityRace condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.4/22/2017
oval:org.mitre.oval:def:999812vulnerabilityHeap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.4/22/2017
oval:org.mitre.oval:def:999713vulnerabilityThe (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.4/22/2017
oval:org.mitre.oval:def:999614vulnerabilityStack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.4/22/2017
oval:org.mitre.oval:def:999513vulnerabilityThe Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processers in a security-relevant fashion that was not addressed by the kernels.4/22/2017
oval:org.mitre.oval:def:999414vulnerabilityMozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.4/22/2017
oval:org.mitre.oval:def:999312vulnerabilitypwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.4/22/2017
oval:org.mitre.oval:def:999213vulnerabilityXpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.4/22/2017
oval:org.mitre.oval:def:999113vulnerabilityInteger overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.4/22/2017
oval:org.mitre.oval:def:999014vulnerabilityThe nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.4/22/2017
oval:org.mitre.oval:def:99951vulnerabilityHyperlink Object Buffer Overflow Vulnerability4/22/2017
oval:org.mitre.oval:def:998913vulnerabilityThe print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.4/22/2017
oval:org.mitre.oval:def:998813vulnerabilityMultiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."4/22/2017
oval:org.mitre.oval:def:998714vulnerabilityThe originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.4/22/2017
oval:org.mitre.oval:def:998613vulnerabilityNet-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop.4/22/2017
oval:org.mitre.oval:def:998513vulnerabilityRIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.4/22/2017
oval:org.mitre.oval:def:998414vulnerabilityThe BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.4/22/2017
oval:org.mitre.oval:def:998313vulnerabilityMultiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".4/22/2017
oval:org.mitre.oval:def:998214vulnerabilityUnspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."4/22/2017
oval:org.mitre.oval:def:998114vulnerabilityBuffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.4/22/2017
oval:org.mitre.oval:def:998014vulnerabilityThe generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210.4/22/2017
oval:org.mitre.oval:def:997914vulnerabilityArray index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.4/22/2017
oval:org.mitre.oval:def:997813vulnerabilityLinux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs.4/22/2017
oval:org.mitre.oval:def:997714vulnerabilityRed Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.4/22/2017
oval:org.mitre.oval:def:997613vulnerabilitySquid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.4/22/2017
oval:org.mitre.oval:def:997513vulnerabilityRace condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.4/22/2017
oval:org.mitre.oval:def:997414vulnerabilityUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."4/22/2017
oval:org.mitre.oval:def:997314vulnerabilitysrc/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.4/22/2017
Page 1 of 230 (9179 items)Prev1234567228229230Next

company ALTEX-SOFT 2008-2017, © ZAO ALTEX-SOFT , ovaldb@altx-soft.com

OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.