| | | |
| | |
 | Loading… |
| compliance |
| inventory |
| miscellaneous |
| patch |
| vulnerability |
|
|
| oval:org.mitre.oval:def:998 | 35 | Solaris Xorg Privilege Escalation via Pixmaps Vulnerability | vulnerability |
| oval:org.mitre.oval:def:994 | 4 | CVS error_prog_name Double-free Vulnerability | vulnerability |
| oval:org.mitre.oval:def:993 | 4 | CVS Improper Handling of Malformed Entry Lines | vulnerability |
| oval:org.mitre.oval:def:9928 | 6 | Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655. | vulnerability |
| oval:org.mitre.oval:def:992 | 42 | HP-UX Running on Itanium Platforms Local Denial of Service (DoS) | vulnerability |
| oval:org.mitre.oval:def:9914 | 6 | Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue. | vulnerability |
| oval:org.mitre.oval:def:991 | 39 | Multiple BO Vulnerabilities in MIT Kerberos 5 | vulnerability |
| oval:org.mitre.oval:def:9898 | 6 | The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. | vulnerability |
| oval:org.mitre.oval:def:988 | 4 | Ethereal MMSE Dissector Vulnerability | vulnerability |
| oval:org.mitre.oval:def:987 | 4 | Ethereal SPNEGO Dissector Vulnerability | vulnerability |
| oval:org.mitre.oval:def:986 | 4 | Ethereal AIM Dissector Vulnerability | vulnerability |
| oval:org.mitre.oval:def:9847 | 6 | The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources. | vulnerability |
| oval:org.mitre.oval:def:984 | 40 | Racoon Denial of Service via Large Length Field | vulnerability |
| oval:org.mitre.oval:def:9828 | 6 | Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1. | vulnerability |
| oval:org.mitre.oval:def:982 | 4 | Ethereal Denial of Service via SIP Messages | vulnerability |
| oval:org.mitre.oval:def:9813 | 6 | Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655. | vulnerability |
| oval:org.mitre.oval:def:980 | 6 | NTLM Authentication BO in Squid Web Proxy Cache | vulnerability |
| oval:org.mitre.oval:def:979 | 3 | Utempter Directory Traversal Vulnerability | vulnerability |
| oval:org.mitre.oval:def:978 | 4 | Multiple Directory Traversal Vulnerabilities in LHA | vulnerability |
| oval:org.mitre.oval:def:977 | 4 | Multiple BO Vulnerabilities in LHA get_header Function | vulnerability |
| oval:org.mitre.oval:def:976 | 4 | tcpdump Identification Payload in ISAKMP Packets Vulnerability | vulnerability |
| oval:org.mitre.oval:def:9755 | 6 | Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. | vulnerability |
| oval:org.mitre.oval:def:975 | 39 | Red Hat OpenSSL do_change_cipher_spec Function Denial of Service | vulnerability |
| oval:org.mitre.oval:def:9731 | 6 | The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655. | vulnerability |
| oval:org.mitre.oval:def:9729 | 6 | Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue." | vulnerability |
| oval:org.mitre.oval:def:972 | 4 | tcpdump Delete Payload in ISAKMP Packets Vulnerability | vulnerability |
| oval:org.mitre.oval:def:971 | 37 | libpng Malformed PNG Image Vulnerability | vulnerability |
| oval:org.mitre.oval:def:970 | 38 | CVS pserver BO | vulnerability |
| oval:org.mitre.oval:def:97 | 38 | Solaris cachefsd Buffer Overrun Vulnerability | vulnerability |
| oval:org.mitre.oval:def:9693 | 6 | Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)." | vulnerability |
| oval:org.mitre.oval:def:9684 | 6 | Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. | vulnerability |
| oval:org.mitre.oval:def:9672 | 6 | Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186, aka "the first issue." | vulnerability |
| oval:org.mitre.oval:def:967 | 37 | rsync Path Sanitation Vulnerability | vulnerability |
| oval:org.mitre.oval:def:9621 | 6 | Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE. | vulnerability |
| oval:org.mitre.oval:def:960 | 4 | Magick XWD Decoder DoS | vulnerability |
| oval:org.mitre.oval:def:9585 | 6 | Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue." | vulnerability |
| oval:org.mitre.oval:def:9582 | 6 | Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue. | vulnerability |
| oval:org.mitre.oval:def:9565 | 6 | Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet. | vulnerability |
| oval:org.mitre.oval:def:9546 | 6 | Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks. | vulnerability |
| oval:org.mitre.oval:def:9542 | 7 | Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors. | vulnerability |