U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:microsoft:windows_7:-:*:x86:*:*:*:*:*
  • CPE Name Search: true
There are 707 matching records.
Displaying matches 621 through 640.
Vuln ID Summary CVSS Severity
CVE-2010-1400

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements.

Published: June 11, 2010; 2:00:29 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1399

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

Published: June 11, 2010; 2:00:29 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1398

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element.

Published: June 11, 2010; 2:00:29 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1397

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type.

Published: June 11, 2010; 2:00:24 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1396

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements.

Published: June 11, 2010; 2:00:24 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1395

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue."

Published: June 11, 2010; 2:00:24 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1394

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments.

Published: June 11, 2010; 2:00:24 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1393

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL.

Published: June 11, 2010; 2:00:24 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1392

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style.

Published: June 11, 2010; 2:00:21 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1391

Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL.

Published: June 11, 2010; 2:00:21 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1390

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document.

Published: June 11, 2010; 2:00:21 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1389

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection.

Published: June 11, 2010; 2:00:20 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1388

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document.

Published: June 11, 2010; 2:00:20 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1385

Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

Published: June 11, 2010; 2:00:15 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1384

Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.

Published: June 11, 2010; 2:00:15 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1262

Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability."

Published: June 08, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1261

The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

Published: June 08, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1260

The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."

Published: June 08, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1259

Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

Published: June 08, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1255

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."

Published: June 08, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM