Total
632 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2252 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2019-10-09 | 7.2 HIGH | N/A |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability." | |||||
CVE-2002-0864 | 1 Microsoft | 4 .net Windows Server, Windows 2000, Windows 2000 Terminal Services and 1 more | 2019-04-30 | 5.0 MEDIUM | N/A |
The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop." | |||||
CVE-2003-0715 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2019-04-30 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528. | |||||
CVE-2002-0863 | 1 Microsoft | 5 .net Windows Server, Windows 2000, Windows 2000 Terminal Services and 2 more | 2019-04-30 | 5.0 MEDIUM | N/A |
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol." | |||||
CVE-2002-2328 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 7.1 HIGH | N/A |
Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request. | |||||
CVE-2003-0717 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Me and 2 more | 2019-04-30 | 7.5 HIGH | N/A |
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack. | |||||
CVE-2002-0224 | 1 Microsoft | 3 Internet Information Services, Sql Server, Windows 2000 | 2019-04-30 | 5.0 MEDIUM | N/A |
The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input. | |||||
CVE-2001-1517 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 2.1 LOW | N/A |
** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information. | |||||
CVE-2002-2077 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 5.0 MEDIUM | N/A |
The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session. | |||||
CVE-2001-1515 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 5.0 MEDIUM | N/A |
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended. | |||||
CVE-2001-1451 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 5.0 MEDIUM | N/A |
Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests. | |||||
CVE-2000-1227 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2019-04-30 | 5.0 MEDIUM | N/A |
Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back. | |||||
CVE-2001-1452 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2019-04-30 | 5.0 MEDIUM | N/A |
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses. | |||||
CVE-2001-1347 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 4.6 MEDIUM | N/A |
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes. | |||||
CVE-2002-2401 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2019-04-30 | 3.6 LOW | N/A |
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs. | |||||
CVE-2001-1518 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 2.1 LOW | N/A |
RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability. | |||||
CVE-2001-1560 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2019-04-30 | 2.1 LOW | N/A |
Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message. | |||||
CVE-2002-0151 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2019-04-30 | 7.2 HIGH | N/A |
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request. | |||||
CVE-2003-0812 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2019-04-30 | 7.5 HIGH | N/A |
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API. | |||||
CVE-2005-0047 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2019-04-30 | 7.2 HIGH | N/A |
Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability." |