Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows Xp
Total 1351 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2001-1571 1 Microsoft 1 Windows Xp 2024-11-20 5.0 MEDIUM N/A
The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing.
CVE-2001-1570 1 Microsoft 1 Windows Xp 2024-11-20 2.1 LOW N/A
Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out.
CVE-2001-1560 1 Microsoft 2 Windows 2000, Windows Xp 2024-11-20 2.1 LOW N/A
Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.
CVE-2001-1200 1 Microsoft 1 Windows Xp 2024-11-20 7.2 HIGH N/A
Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys.
CVE-2001-0909 1 Microsoft 1 Windows Xp 2024-11-20 7.5 HIGH N/A
Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL.
CVE-2001-0879 1 Microsoft 4 Sql Server, Windows 2000, Windows Nt and 1 more 2024-11-20 5.0 MEDIUM N/A
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.
CVE-2001-0877 1 Microsoft 4 Windows 98, Windows 98se, Windows Me and 1 more 2024-11-20 5.0 MEDIUM N/A
Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system.
CVE-2001-0876 1 Microsoft 4 Windows 98, Windows 98se, Windows Me and 1 more 2024-11-20 7.5 HIGH N/A
Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL.
CVE-2001-0860 1 Microsoft 2 Windows 2000, Windows Xp 2024-11-20 7.5 HIGH N/A
Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).
CVE-2001-0721 1 Microsoft 4 Windows 98, Windows 98se, Windows Me and 1 more 2024-11-20 5.0 MEDIUM N/A
Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request.
CVE-2000-1218 1 Microsoft 5 Windows 2000, Windows 98, Windows 98se and 2 more 2024-11-20 7.5 HIGH 9.8 CRITICAL
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.