Total
98 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0533 | 1 Microsoft | 7 Netmeeting, Windows 2000, Windows 2003 Server and 4 more | 2018-10-12 | 7.5 HIGH | N/A |
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm. | |||||
CVE-2002-1183 | 1 Microsoft | 3 Windows 98, Windows 98se, Windows Nt | 2018-10-12 | 7.5 HIGH | N/A |
Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862). | |||||
CVE-2002-0070 | 1 Microsoft | 4 Windows 2000, Windows 98, Windows 98se and 1 more | 2018-10-12 | 7.6 HIGH | N/A |
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled. | |||||
CVE-2002-0699 | 1 Microsoft | 6 Windows 2000, Windows 98, Windows 98se and 3 more | 2018-10-12 | 5.0 MEDIUM | N/A |
Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML. | |||||
CVE-2001-0877 | 1 Microsoft | 4 Windows 98, Windows 98se, Windows Me and 1 more | 2018-10-12 | 5.0 MEDIUM | N/A |
Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system. | |||||
CVE-2001-0876 | 1 Microsoft | 4 Windows 98, Windows 98se, Windows Me and 1 more | 2018-10-12 | 7.5 HIGH | N/A |
Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL. | |||||
CVE-2001-0721 | 1 Microsoft | 4 Windows 98, Windows 98se, Windows Me and 1 more | 2018-10-12 | 5.0 MEDIUM | N/A |
Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request. | |||||
CVE-2002-0053 | 1 Microsoft | 6 Windows 2000, Windows 95, Windows 98 and 3 more | 2018-10-12 | 7.5 HIGH | N/A |
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available. | |||||
CVE-2001-0238 | 1 Microsoft | 6 Windows 2000, Windows 95, Windows 98 and 3 more | 2018-10-12 | 7.5 HIGH | N/A |
Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests. | |||||
CVE-2000-1039 | 1 Microsoft | 5 Windows 95, Windows 98, Windows 98se and 2 more | 2018-10-12 | 5.0 MEDIUM | N/A |
Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. NOTE: this candidate may change significantly as the security community discusses the technical nature of NAPTHA and learns more about the affected applications. This candidate is at a higher level of abstraction than is typical for CVE. | |||||
CVE-1999-0387 | 1 Microsoft | 2 Windows 95, Windows 98 | 2018-10-12 | 7.8 HIGH | N/A |
A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. | |||||
CVE-2000-0980 | 1 Microsoft | 4 Windows 95, Windows 98, Windows 98se and 1 more | 2018-10-12 | 5.0 MEDIUM | N/A |
NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network. | |||||
CVE-2000-0979 | 1 Microsoft | 4 Windows 95, Windows 98, Windows 98se and 1 more | 2018-10-12 | 6.4 MEDIUM | N/A |
File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability. | |||||
CVE-2000-0742 | 1 Microsoft | 2 Windows 95, Windows 98 | 2018-10-12 | 5.0 MEDIUM | N/A |
The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability. | |||||
CVE-2000-0404 | 1 Microsoft | 5 Terminal Server, Windows 2000, Windows 95 and 2 more | 2018-10-12 | 5.0 MEDIUM | N/A |
The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability. | |||||
CVE-2000-0330 | 1 Microsoft | 2 Windows 95, Windows 98 | 2018-10-12 | 7.6 HIGH | N/A |
The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability. | |||||
CVE-2000-0305 | 2 Be, Microsoft | 6 Beos, Terminal Server, Windows 2000 and 3 more | 2018-10-12 | 7.8 HIGH | N/A |
Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability. | |||||
CVE-2000-0073 | 1 Microsoft | 3 Windows 2000, Windows 98, Windows Nt | 2018-10-12 | 5.0 MEDIUM | N/A |
Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word. | |||||
CVE-1999-0918 | 1 Microsoft | 4 Windows 2000, Windows 95, Windows 98 and 1 more | 2018-10-12 | 7.8 HIGH | N/A |
Denial of service in various Windows systems via malformed, fragmented IGMP packets. | |||||
CVE-1999-0749 | 1 Microsoft | 2 Windows 95, Windows 98 | 2018-10-12 | 2.6 LOW | N/A |
Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument. |