Vulnerabilities (CVE)

Filtered by vendor Microsoft
Total 19770 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-0995 1 Microsoft 1 Windows Nt 2024-02-28 7.8 HIGH N/A
Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."
CVE-2001-1055 1 Microsoft 2 Windows 98, Windows 98se 2024-02-28 5.0 MEDIUM N/A
The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke.
CVE-2002-0722 1 Microsoft 1 Internet Explorer 2024-02-28 7.5 HIGH N/A
Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing."
CVE-2002-0649 1 Microsoft 2 Data Engine, Sql Server 2024-02-28 7.5 HIGH N/A
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
CVE-1999-0226 1 Microsoft 1 Windows Nt 2024-02-28 10.0 HIGH N/A
Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.
CVE-2003-0525 1 Microsoft 1 Windows Nt 2024-02-28 5.0 MEDIUM N/A
The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method.
CVE-1999-0490 1 Microsoft 1 Internet Explorer 2024-02-28 7.5 HIGH N/A
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag.
CVE-2002-0866 1 Microsoft 1 Virtual Machine 2024-02-28 7.5 HIGH N/A
Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."
CVE-2000-1089 1 Microsoft 2 Windows 2000, Windows Nt 2024-02-28 10.0 HIGH N/A
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
CVE-1999-0227 1 Microsoft 1 Windows Nt 2024-02-28 5.0 MEDIUM N/A
Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.
CVE-1999-0348 1 Microsoft 1 Internet Information Server 2024-02-28 5.0 MEDIUM N/A
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.
CVE-2000-0439 1 Microsoft 1 Internet Explorer 2024-02-28 2.6 LOW N/A
Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.
CVE-2004-0866 4 Kde, Microsoft, Mozilla and 1 more 5 Konqueror, Ie, Internet Explorer and 2 more 2024-02-28 7.5 HIGH N/A
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
CVE-2002-0644 1 Microsoft 2 Data Engine, Sql Server 2024-02-28 7.5 HIGH N/A
Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
CVE-2000-0160 1 Microsoft 3 Ie, Internet Explorer, Outlook 2024-02-28 7.6 HIGH N/A
The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.
CVE-2002-1872 1 Microsoft 1 Sql Server 2024-02-28 5.0 MEDIUM 7.5 HIGH
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
CVE-2002-1795 1 Microsoft 1 Tsac Activex Control 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2001-0344 1 Microsoft 1 Sql Server 2024-02-28 7.2 HIGH N/A
An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
CVE-2002-0624 1 Microsoft 2 Msde, Sql Server 2024-02-28 7.5 HIGH N/A
Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
CVE-2002-1186 1 Microsoft 2 Ie, Internet Explorer 2024-02-28 5.0 MEDIUM N/A
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."