Vulnerabilities > Microsoft > Windows 7 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-02-02 | CVE-2010-4562 | Information Exposure vulnerability in Microsoft products Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. | 4.3 |
| 2011-12-07 | CVE-2011-4695 | Local Security vulnerability in Windows 7 Home Premium Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. local microsoft | 6.9 |
| 2011-07-21 | CVE-2011-0244 | Information Exposure vulnerability in Apple Safari and Webkit WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds. | 4.3 |
| 2011-07-21 | CVE-2011-0242 | Cross-Site Scripting vulnerability in Apple Safari and Webkit Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username. | 4.3 |
| 2011-07-21 | CVE-2011-0219 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari and Webkit Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts. | 5.8 |
| 2011-07-21 | CVE-2011-0217 | Information Exposure vulnerability in Apple Safari Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields. | 4.3 |
| 2011-07-21 | CVE-2011-0214 | Cryptographic Issues vulnerability in Apple Cfnetwork and Safari CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority. | 5.0 |
| 2011-07-21 | CVE-2010-1420 | Cross-Site Scripting vulnerability in Apple Cfnetwork and Safari Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file. | 4.3 |
| 2011-02-10 | CVE-2011-0091 | Improper Authentication vulnerability in Microsoft Windows 7 and Windows Server 2008 Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability." | 6.4 |
| 2011-02-09 | CVE-2011-0031 | Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008 The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability." | 4.3 |