Windows 7 Security Vulnerabilities

CVE-2010-2594

Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog...

CVE-2010-2739

Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard...

CVE-2010-4182

Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute...

CVE-2010-4562

Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a...

CVE-2010-1383

CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection"...

CVE-2010-1420

Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain...

CVE-2010-1886

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes,....

CVE-2012-4337

Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote attackers to execute arbitrary code via a PDF document with a crafted attachment that triggers calculation of a negative number during processing of cross...

CVE-2011-0244

WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS...

CVE-2011-0217

Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible...

CVE-2011-0248

Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL...

CVE-2011-0214

CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification...

CVE-2011-0219

Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads...

CVE-2011-4434

Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the...

CVE-2011-4695

Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207,.....

CVE-2011-1652

The default configuration of Microsoft Windows 7 immediately prefers a new IPv6 and DHCPv6 service over a currently used IPv4 and DHCPv4 service upon receipt of an IPv6 Router Advertisement (RA), and does not provide an option to ignore an unexpected RA, which allows remote attackers to conduct...

CVE-2011-1503

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:///...

CVE-2011-1570

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than...

CVE-2013-2553

Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than...

CVE-2013-2554

Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than...

CVE-2013-3697

Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and...

CVE-2013-3876

DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which...

CVE-2022-37964

Windows Kernel Elevation of Privilege...

CVE-2022-38004

Windows Fax Service Remote Code Execution...

CVE-2022-37958

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution...

CVE-2022-38005

Windows Print Spooler Elevation of Privilege...

CVE-2022-37969

Windows Common Log File System Driver Elevation of Privilege...

CVE-2022-38006

Windows Graphics Component Information Disclosure...

CVE-2022-35836

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution...

CVE-2022-35837

Windows Graphics Component Information Disclosure...

CVE-2022-35832

Windows Event Tracing Denial of Service...

CVE-2022-37956

Windows Kernel Elevation of Privilege...

CVE-2022-35833

Windows Secure Channel Denial of Service...

CVE-2022-37955

Windows Group Policy Elevation of Privilege...

CVE-2022-35835

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution...

CVE-2022-35840

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution...

CVE-2022-35834

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution...

CVE-2022-34733

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution...

CVE-2022-34720

Windows Internet Key Exchange (IKE) Extension Denial of Service...

CVE-2022-34731

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution...

CVE-2022-34734

Microsoft ODBC Driver Remote Code Execution...

CVE-2022-34730

Microsoft ODBC Driver Remote Code Execution...

CVE-2022-34727

Microsoft ODBC Driver Remote Code Execution...

CVE-2022-34726

Microsoft ODBC Driver Remote Code Execution...

CVE-2022-34729

Windows GDI Elevation of Privilege...

CVE-2022-35803

Windows Common Log File System Driver Elevation of Privilege...

CVE-2022-34722

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution...

CVE-2022-34728

Windows Graphics Component Information Disclosure...

CVE-2022-34719

Windows Distributed File System (DFS) Elevation of Privilege...

CVE-2022-34732

Microsoft ODBC Driver Remote Code Execution...