Vulnerabilities > Microsoft > Windows XP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-09-15 | CVE-2010-1891 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows Server 2003 and Windows XP The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability." | 6.9 |
| 2010-08-11 | CVE-2010-1888 | Race Condition vulnerability in Microsoft Windows XP Race condition in the kernel in Microsoft Windows XP SP3 allows local users to gain privileges via vectors involving thread creation, aka "Windows Kernel Data Initialization Vulnerability." | 6.8 |
| 2010-07-30 | CVE-2010-1778 | Cross-Site Scripting vulnerability in Apple Safari and Webkit Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed. | 4.3 |
| 2010-07-02 | CVE-2010-2594 | Cross-Site Request Forgery (CSRF) vulnerability in Intersect Alliance Snare Agent and Snare Epilog Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port. | 6.8 |
| 2010-06-15 | CVE-2010-2265 | Cross-Site Scripting vulnerability in Microsoft products Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. | 4.3 |
| 2010-06-11 | CVE-2010-2264 | Information Exposure vulnerability in Apple Safari and Webkit The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. | 4.3 |
| 2010-06-11 | CVE-2010-1764 | Multiple Security vulnerability in RETIRED: Apple Safari Prior to 5.0 and 4.1 WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data. | 4.3 |
| 2010-06-11 | CVE-2010-1762 | Cross-Site Scripting vulnerability in Apple Safari and Webkit Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element. | 4.3 |
| 2010-06-11 | CVE-2010-1421 | Multiple Security vulnerability in RETIRED: Apple Safari Prior to 5.0 and 4.1 The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document. | 4.3 |
| 2010-06-11 | CVE-2010-1418 | Cross-Site Scripting vulnerability in Apple Safari and Webkit Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces. | 4.3 |