Vulnerabilities > Microsoft > Windows > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-11-21 | CVE-2012-4206 | Arbitrary Code Execution vulnerability in Mozilla Firefox and Firefox ESR Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory. | 6.9 |
| 2012-08-31 | CVE-2012-4171 | Remote Denial of Service vulnerability in Adobe Flash Player and AIR Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs. | 5.0 |
| 2012-08-29 | CVE-2012-3974 | Resource Management Errors vulnerability in Mozilla products Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory. | 6.9 |
| 2012-08-23 | CVE-2010-5145 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Websense web Filter and Websense web Security The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 136 and 7.x before 7.1.1 on Windows allows remote attackers to cause a denial of service (filtering outage) via a crafted sequence of characters in a URI. | 4.3 |
| 2012-08-21 | CVE-2012-4168 | Information Exposure vulnerability in Adobe Air, AIR SDK and Flash Player Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow remote attackers to read content from a different domain via a crafted web site. | 4.3 |
| 2012-08-06 | CVE-2012-4144 | Cross-Site Scripting vulnerability in Opera Browser Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document. | 4.3 |
| 2012-08-06 | CVE-2012-4143 | Code Injection vulnerability in Opera Browser Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924. | 6.8 |
| 2012-08-06 | CVE-2012-4142 | Cross-Site Scripting vulnerability in Opera Browser Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. | 4.3 |
| 2012-07-17 | CVE-2012-1746 | Unspecified vulnerability in Oracle Database Server Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1747. | 5.0 |
| 2012-06-29 | CVE-2012-2016 | Unspecified vulnerability in HP System Management Homepage Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors. | 4.9 |