Filtered by vendor Microsoft
Subscribe
Total
23518 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0001 | 4 Freebsd, Linux, Microsoft and 1 more | 5 Freebsd, Linux Kernel, Windows 2000 and 2 more | 2026-04-16 | 5.0 MEDIUM | N/A |
| Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. | |||||
| CVE-2005-2089 | 1 Microsoft | 1 Internet Information Services | 2026-04-16 | 4.3 MEDIUM | N/A |
| Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | |||||
| CVE-2004-0597 | 2 Greg Roelofs, Microsoft | 6 Libpng, Msn Messenger, Windows 98se and 3 more | 2026-04-16 | 10.0 HIGH | N/A |
| Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. | |||||
| CVE-1999-0987 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | 10.0 HIGH | N/A |
| Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name. | |||||
| CVE-1999-1474 | 1 Microsoft | 1 Powerpoint | 2026-04-16 | 7.5 HIGH | N/A |
| PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such as Internet Explorer. | |||||
| CVE-2002-1714 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion. | |||||
| CVE-2000-0790 | 1 Microsoft | 3 Windows 2000, Windows 98, Windows 98se | 2026-04-16 | 4.6 MEDIUM | N/A |
| The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder. | |||||
| CVE-1999-1094 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | 7.5 HIGH | N/A |
| Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue." | |||||
| CVE-2006-1302 | 1 Microsoft | 2 Excel, Excel Viewer | 2026-04-16 | 9.3 HIGH | N/A |
| Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability." | |||||
| CVE-2002-1745 | 1 Microsoft | 1 Internet Information Services | 2026-04-16 | 5.0 MEDIUM | 7.5 HIGH |
| Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files. | |||||
| CVE-2002-1143 | 1 Microsoft | 2 Excel, Word | 2026-04-16 | 5.0 MEDIUM | N/A |
| Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure." | |||||
| CVE-2006-2218 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2026-04-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992. | |||||
| CVE-2001-0147 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | 10.0 HIGH | N/A |
| Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records. | |||||
| CVE-2005-2274 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | 2.6 LOW | N/A |
| Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | |||||
| CVE-1999-0549 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | 7.2 HIGH | N/A |
| Windows NT automatically logs in an administrator upon rebooting. | |||||
| CVE-2000-0323 | 1 Microsoft | 1 Jet | 2026-04-16 | 7.6 HIGH | N/A |
| The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability. | |||||
| CVE-2002-0422 | 1 Microsoft | 1 Internet Information Services | 2026-04-16 | 2.6 LOW | N/A |
| IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header. | |||||
| CVE-1999-1376 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | 10.0 HIGH | N/A |
| Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. | |||||
| CVE-2006-2370 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-16 | 7.5 HIGH | N/A |
| Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability." | |||||
| CVE-2003-1463 | 2 Alt-n, Microsoft | 2 Webadmin, All Windows | 2026-04-16 | 3.5 LOW | N/A |
| Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter. | |||||