Filtered by vendor Microsoft
Subscribe
Total
19518 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0104 | 4 Caldera, Hp, Microsoft and 1 more | 5 Openlinux, Hp-ux, Windows 95 and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. | |||||
CVE-1999-0578 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 4.6 MEDIUM | N/A |
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. | |||||
CVE-2000-1105 | 1 Microsoft | 1 Indexing Service | 2024-02-28 | 4.3 MEDIUM | N/A |
The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled. | |||||
CVE-2001-0341 | 1 Microsoft | 3 Frontpage Server Extensions, Windows 2000, Windows Nt | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll. | |||||
CVE-2002-0861 | 1 Microsoft | 2 Office Web Components, Project | 2024-02-28 | 7.5 HIGH | N/A |
Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object. | |||||
CVE-2002-0862 | 2 Apple, Microsoft | 10 Macos, Internet Explorer, Office and 7 more | 2024-02-28 | 6.8 MEDIUM | N/A |
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS. | |||||
CVE-2002-0154 | 1 Microsoft | 1 Sql Server | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments. | |||||
CVE-2000-0132 | 1 Microsoft | 1 Virtual Machine | 2024-02-28 | 2.6 LOW | N/A |
Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function. | |||||
CVE-2001-0501 | 1 Microsoft | 1 Word | 2024-02-28 | 4.6 MEDIUM | N/A |
Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner. | |||||
CVE-2002-1790 | 1 Microsoft | 3 Exchange Server, Internet Information Server, Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682. | |||||
CVE-2002-0077 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability. | |||||
CVE-1999-1043 | 1 Microsoft | 1 Exchange Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) malformed NNTP data, or (2) malformed SMTP data, which allows remote attackers to cause a denial of service (application error). | |||||
CVE-2001-0505 | 1 Microsoft | 1 Services | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service. | |||||
CVE-1999-0376 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 4.6 MEDIUM | N/A |
Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs. | |||||
CVE-2000-0277 | 1 Microsoft | 1 Excel | 2024-02-28 | 7.2 HIGH | N/A |
Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability. | |||||
CVE-1999-0016 | 6 Cisco, Gnu, Hp and 3 more | 8 Ios, Inet, Hp-ux and 5 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Land IP denial of service. | |||||
CVE-1999-1105 | 1 Microsoft | 1 Windows 95 | 2024-02-28 | 5.0 MEDIUM | N/A |
Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive. | |||||
CVE-2002-0979 | 1 Microsoft | 1 Virtual Machine | 2024-02-28 | 7.5 HIGH | N/A |
The Java logging feature for the Java Virtual Machine in Internet Explorer writes output from functions such as System.out.println to a known pathname, which can be used to execute arbitrary code. | |||||
CVE-2002-0978 | 1 Microsoft | 1 File Transfer Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to upload or download arbitrary files to arbitrary locations via a man-in-the-middle attack with modified TGT and TGN parameters in a call to the "Persist" function. | |||||
CVE-2000-0830 | 1 Microsoft | 1 Webtv | 2024-02-28 | 5.0 MEDIUM | N/A |
annclist.exe in webTV for Windows allows remote attackers to cause a denial of service by via a large, malformed UDP packet to ports 22701 through 22705. |