Total
286 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1360 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
| Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle. | |||||
| CVE-1999-0909 | 1 Microsoft | 4 Terminal Server, Windows 95, Windows 98se and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability. | |||||
| CVE-2002-1260 | 1 Microsoft | 8 Windows 2000, Windows 2000 Terminal Services, Windows 95 and 5 more | 2025-04-03 | 7.5 HIGH | N/A |
| The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet. | |||||
| CVE-1999-0723 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 7.1 HIGH | N/A |
| The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input. | |||||
| CVE-2006-2379 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 9.3 HIGH | N/A |
| Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing. | |||||
| CVE-2001-0046 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 4.6 MEDIUM | N/A |
| The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities. | |||||
| CVE-1999-0376 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 4.6 MEDIUM | N/A |
| Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs. | |||||
| CVE-2003-0711 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Me and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL. | |||||
| CVE-2004-0208 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
| The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions. | |||||
| CVE-1999-0227 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
| Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service. | |||||
| CVE-2002-0421 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
| IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr. | |||||
| CVE-1999-1222 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
| Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup. | |||||
| CVE-2003-0533 | 1 Microsoft | 7 Netmeeting, Windows 2000, Windows 2003 Server and 4 more | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm. | |||||
| CVE-1999-0612 | 2 Gnu, Microsoft | 4 Finger Service, Fingerd, Windows 2000 and 1 more | 2025-04-03 | N/A | N/A |
| A version of finger is running that exposes valid user information to any entity on the network. | |||||
| CVE-1999-0179 | 1 Microsoft | 2 Windows 95, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
| Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share. | |||||
| CVE-2000-1089 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability. | |||||
| CVE-1999-0015 | 4 Hp, Microsoft, Netbsd and 1 more | 5 Hp-ux, Windows 95, Windows Nt and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Teardrop IP denial of service. | |||||
| CVE-1999-0119 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 10.0 HIGH | N/A |
| Windows NT 4.0 beta allows users to read and delete shares. | |||||
| CVE-2004-1080 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Nt | 2025-04-03 | 10.0 HIGH | N/A |
| The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability." | |||||
| CVE-2005-1935 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue. | |||||