Total
634 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2328 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 7.1 HIGH | N/A |
| Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request. | |||||
| CVE-2003-0496 | 1 Microsoft | 2 Windows 2000, Windows 2000 Terminal Services | 2019-04-30 | 7.2 HIGH | N/A |
| Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file. | |||||
| CVE-2000-0885 | 1 Microsoft | 3 Systems Management Server, Windows 2000, Windows Nt | 2019-04-30 | 7.5 HIGH | N/A |
| Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates. | |||||
| CVE-2001-0018 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 5.0 MEDIUM | N/A |
| Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests. | |||||
| CVE-2007-3901 | 1 Microsoft | 5 Directx, Windows 2000, Windows 2003 Server and 2 more | 2019-04-30 | 8.5 HIGH | N/A |
| Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file. | |||||
| CVE-2002-1561 | 1 Microsoft | 4 Windows 2000, Windows 2000 Terminal Services, Windows Nt and 1 more | 2019-04-30 | 5.0 MEDIUM | N/A |
| The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference. | |||||
| CVE-2002-0443 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 4.6 MEDIUM | N/A |
| Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords. | |||||
| CVE-2000-1227 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2019-04-30 | 5.0 MEDIUM | N/A |
| Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back. | |||||
| CVE-2001-0341 | 1 Microsoft | 3 Frontpage Server Extensions, Windows 2000, Windows Nt | 2019-04-30 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll. | |||||
| CVE-2001-0147 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 10.0 HIGH | N/A |
| Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records. | |||||
| CVE-2001-0048 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 7.2 HIGH | N/A |
| The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability. | |||||
| CVE-2002-1257 | 1 Microsoft | 8 Windows 2000, Windows 2000 Terminal Services, Windows 95 and 5 more | 2019-04-30 | 10.0 HIGH | N/A |
| Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail. | |||||
| CVE-2002-0864 | 1 Microsoft | 4 .net Windows Server, Windows 2000, Windows 2000 Terminal Services and 1 more | 2019-04-30 | 5.0 MEDIUM | N/A |
| The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop." | |||||
| CVE-2005-1982 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2019-04-30 | 3.6 LOW | N/A |
| Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used. | |||||
| CVE-2003-0350 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 4.6 MEDIUM | N/A |
| The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function. | |||||
| CVE-2001-1560 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2019-04-30 | 2.1 LOW | N/A |
| Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message. | |||||
| CVE-2001-0237 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 5.0 MEDIUM | N/A |
| Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data. | |||||
| CVE-2004-1319 | 2 Microsoft, Nortel | 9 Windows 2000, Windows 2003 Server, Windows 98 and 6 more | 2019-04-30 | 5.0 MEDIUM | N/A |
| The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. | |||||
| CVE-2001-0879 | 1 Microsoft | 4 Sql Server, Windows 2000, Windows Nt and 1 more | 2019-04-30 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service. | |||||
| CVE-2001-1518 | 1 Microsoft | 1 Windows 2000 | 2019-04-30 | 2.1 LOW | N/A |
| RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability. | |||||