Vulnerabilities > Microsoft > Windows > Medium
DATE | CVE | VULNERABILITY TITLE AND DESCRIPTION | RISK |
---|---|---|---|
2009-11-05 | CVE-2009-3876 | Resource Management Errors vulnerability in SUN Jdk, JRE and SDK: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. | 5.0 |
2009-11-05 | CVE-2009-3875 | Cryptographic Issues vulnerability in SUN Jdk, JRE and SDK: The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503. | 5.0 |
2009-10-22 | CVE-2009-1965 | Remote Net Foundation Layer vulnerability in Oracle Database: Unspecified vulnerability in the Net Foundation Layer component in Oracle Database 9.2.0.8 and 10.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 5.4 |
2009-09-18 | CVE-2009-3243 | Multiple vulnerability in Wireshark 1.2.0/1.2.1: Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations. | 5.0 |
2009-09-14 | CVE-2009-2804 | Numeric Errors vulnerability in Apple mac OS X, mac OS X Server and Safari: Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow. | 6.8 |
2009-06-08 | CVE-2009-1419 | Unspecified vulnerability in HP Discovery&Dependency Mapping Inventory: Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.0.0 through 2.52, 7.50, and 7.51 on Windows allows remote attackers to access DDMI agents via unknown vectors. | 4.0 |
2009-04-13 | CVE-2009-1267 | Denial Of Service vulnerability in Wireshark Prior to 1.0.7: Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors. | 5.0 |
2009-04-02 | CVE-2009-1233 | Improper Input Validation vulnerability in Apple Safari 3.2.2/4: Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements. | 4.3 |
2009-03-31 | CVE-2007-6724 | Configuration vulnerability in Vidalia-Project Vidalia Bundle: Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration. | 5.0 |
2009-03-31 | CVE-2007-6723 | Configuration vulnerability in Anonymityanywhere Tork 0.22: TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. | 4.3 |