Export limit exceeded: 18983 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (18983 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0692 1 Microsoft 3 Frontpage Server Extensions, Windows 2000, Windows Xp 2026-04-16 N/A
Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
CVE-2001-1244 7 Freebsd, Hp, Linux and 4 more 9 Freebsd, Hp-ux, Vvos and 6 more 2026-04-16 N/A
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
CVE-2005-3059 3 Linux, Microsoft, Opera 3 Linux Kernel, Windows, Opera Browser 2026-04-16 N/A
Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Windows have unknown impact and attack vectors, related to (1) " handling of must-revalidate cache directive for HTTPS pages" or (2) a "display issue with cookie comment encoding."
CVE-2005-3168 1 Microsoft 1 Windows 2000 2026-04-16 N/A
The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
CVE-2005-3169 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
CVE-2005-3173 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
CVE-2005-3174 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
CVE-2005-3175 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
CVE-2005-3176 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
CVE-2005-3483 2 Graphon, Microsoft 2 Go-global, Windows 2026-04-16 N/A
Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows remote attackers to execute arbitrary code via a data block that is longer than the specified data block size.
CVE-2000-0742 1 Microsoft 2 Windows 95, Windows 98 2026-04-16 N/A
The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.
CVE-2005-3595 1 Microsoft 1 Windows Xp 2026-04-16 N/A
By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer.
CVE-2001-0860 1 Microsoft 2 Windows 2000, Windows Xp 2026-04-16 N/A
Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).
CVE-2005-4696 1 Microsoft 1 Windows Xp 2026-04-16 N/A
The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network.
CVE-2002-0444 1 Microsoft 1 Windows 2000 Terminal Services 2026-04-16 N/A
Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
CVE-2006-3899 1 Microsoft 2 Internet Explorer, Windows Xp 2026-04-16 N/A
Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function.
CVE-2006-0013 1 Microsoft 2 Windows 2003 Server, Windows Xp 2026-04-16 N/A
Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
CVE-2006-0010 1 Microsoft 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more 2026-04-16 N/A
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
CVE-2006-0023 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
CVE-2001-0348 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.