Total
634 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0224 | 1 Microsoft | 3 Internet Information Services, Sql Server, Windows 2000 | 2023-12-10 | 5.0 MEDIUM | N/A |
| The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input. | |||||
| CVE-1999-0391 | 1 Microsoft | 3 Terminal Server, Windows 2000, Windows Nt | 2023-12-10 | 7.5 HIGH | N/A |
| The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user. | |||||
| CVE-2002-1700 | 2 Macromedia, Microsoft | 3 Coldfusion, Internet Information Services, Windows 2000 | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message. | |||||
| CVE-2001-0504 | 1 Microsoft | 1 Windows 2000 | 2023-12-10 | 7.5 HIGH | N/A |
| Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying. | |||||
| CVE-2001-1451 | 1 Microsoft | 1 Windows 2000 | 2023-12-10 | 5.0 MEDIUM | N/A |
| Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests. | |||||
| CVE-2004-1319 | 2 Microsoft, Nortel | 9 Windows 2000, Windows 2003 Server, Windows 98 and 6 more | 2023-12-10 | 5.0 MEDIUM | N/A |
| The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. | |||||
| CVE-2000-0933 | 1 Microsoft | 1 Windows 2000 | 2023-12-10 | 4.6 MEDIUM | N/A |
| The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability. | |||||
| CVE-2003-1106 | 1 Microsoft | 1 Windows 2000 | 2023-12-10 | 5.0 MEDIUM | N/A |
| The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute. | |||||
| CVE-2001-1560 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2023-12-10 | 2.1 LOW | N/A |
| Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message. | |||||
| CVE-2002-0863 | 1 Microsoft | 5 .net Windows Server, Windows 2000, Windows 2000 Terminal Services and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A |
| Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol." | |||||
| CVE-1999-0875 | 2 Microsoft, Sun | 5 Windows 2000, Windows 95, Windows 98se and 2 more | 2023-12-10 | 7.5 HIGH | N/A |
| DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes. | |||||
| CVE-1999-1358 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2023-12-10 | 4.6 MEDIUM | N/A |
| When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only. | |||||
| CVE-2003-0910 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2023-12-10 | 7.2 HIGH | N/A |
| The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory. | |||||
| CVE-2001-1244 | 7 Freebsd, Hp, Linux and 4 more | 9 Freebsd, Hp-ux, Vvos and 6 more | 2023-12-10 | 5.0 MEDIUM | N/A |
| Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process. | |||||
| CVE-1999-0721 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2023-12-10 | 7.8 HIGH | N/A |
| Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request. | |||||
| CVE-2002-1184 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2023-12-10 | 4.6 MEDIUM | N/A |
| The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs. | |||||
| CVE-2002-0151 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2023-12-10 | 7.2 HIGH | N/A |
| Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request. | |||||
| CVE-1999-0612 | 2 Gnu, Microsoft | 4 Finger Service, Fingerd, Windows 2000 and 1 more | 2023-12-10 | N/A | N/A |
| A version of finger is running that exposes valid user information to any entity on the network. | |||||
| CVE-2002-0694 | 1 Microsoft | 7 Windows 2000, Windows 2000 Terminal Services, Windows 98 and 4 more | 2023-12-10 | 7.5 HIGH | N/A |
| The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File." | |||||
| CVE-2002-1260 | 1 Microsoft | 8 Windows 2000, Windows 2000 Terminal Services, Windows 95 and 5 more | 2023-12-10 | 7.5 HIGH | N/A |
| The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet. | |||||