Total
634 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0054 | 1 Microsoft | 2 Exchange Server, Windows 2000 | 2024-11-20 | 7.5 HIGH | N/A |
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. | |||||
CVE-2002-0053 | 1 Microsoft | 6 Windows 2000, Windows 95, Windows 98 and 3 more | 2024-11-20 | 7.5 HIGH | N/A |
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available. | |||||
CVE-2002-0051 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | 4.6 MEDIUM | 7.8 HIGH |
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access. | |||||
CVE-2002-0034 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2024-11-20 | 4.6 MEDIUM | N/A |
The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected. | |||||
CVE-2002-0020 | 1 Microsoft | 2 Interix, Windows 2000 | 2024-11-20 | 7.5 HIGH | N/A |
Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options. | |||||
CVE-2002-0018 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-11-20 | 10.0 HIGH | N/A |
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain. | |||||
CVE-2001-1560 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2024-11-20 | 2.1 LOW | N/A |
Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message. | |||||
CVE-2001-1519 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | 3.6 LOW | N/A |
RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it | |||||
CVE-2001-1518 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | 2.1 LOW | N/A |
RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability. | |||||
CVE-2001-1517 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | 2.1 LOW | N/A |
RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information | |||||
CVE-2001-1515 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | 5.0 MEDIUM | 7.5 HIGH |
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended. | |||||
CVE-2001-1452 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-11-20 | 5.0 MEDIUM | 7.5 HIGH |
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses. | |||||
CVE-2001-1451 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | 5.0 MEDIUM | N/A |
Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests. | |||||
CVE-2001-1347 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | 4.6 MEDIUM | N/A |
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes. | |||||
CVE-2001-1302 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | 2.1 LOW | N/A |
The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function. | |||||
CVE-2001-1288 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-11-20 | 2.1 LOW | N/A |
Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe. | |||||
CVE-2001-1244 | 7 Freebsd, Hp, Linux and 4 more | 9 Freebsd, Hp-ux, Vvos and 6 more | 2024-11-20 | 5.0 MEDIUM | N/A |
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process. | |||||
CVE-2001-1238 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | 4.6 MEDIUM | 7.8 HIGH |
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager. | |||||
CVE-2001-0951 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | 5.0 MEDIUM | N/A |
Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters. | |||||
CVE-2001-0879 | 1 Microsoft | 4 Sql Server, Windows 2000, Windows Nt and 1 more | 2024-11-20 | 5.0 MEDIUM | N/A |
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service. |