Vulnerabilities > Microsoft > Windows
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-01-31 | CVE-2011-0450 | Remote Security vulnerability in Opera Web Browser The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file. | 7.6 |
2011-01-25 | CVE-2011-0638 | Configuration vulnerability in Microsoft Windows Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer. | 6.9 |
2011-01-19 | CVE-2010-4423 | Local Privilege-Escalation vulnerability in Oracle Database Server 10.2.0.4/10.2.0.5/11.1.0.7 Unspecified vulnerability in the Cluster Verify Utility component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors. | 6.9 |
2010-12-22 | CVE-2010-4114 | Cross-Site Scripting vulnerability in HP Discovery&Dependency Mapping Inventory Cross-site scripting (XSS) vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.6x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-12-22 | CVE-2010-4111 | Cross-Site Scripting vulnerability in HP Insight Diagnostics Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-12-22 | CVE-2010-4587 | Unspecified vulnerability in Opera Browser Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it easier for user-assisted remote attackers to have an unspecified impact via a crafted module. | 9.3 |
2010-12-17 | CVE-2010-2603 | Cryptographic Issues vulnerability in RIM Blackberry Desktop Software RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute force attack. | 2.1 |
2010-12-10 | CVE-2010-3769 | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read. | 9.3 |
2010-12-09 | CVE-2010-1508 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms. | 9.3 |
2010-12-09 | CVE-2010-0530 | Permissions, Privileges, and Access Controls vulnerability in Apple Quicktime Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory. | 2.1 |