Search
Total
632 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0595 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 2.1 LOW | N/A |
| A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded. | |||||
| CVE-1999-0582 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 5.0 MEDIUM | N/A |
| A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. | |||||
| CVE-1999-0585 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 2.1 LOW | N/A |
| A Windows NT administrator account has the default name of Administrator. | |||||
| CVE-1999-0612 | 2 Gnu, Microsoft | 4 Finger Service, Fingerd, Windows 2000 and 1 more | 2008-09-09 | 0.0 LOW | N/A |
| A version of finger is running that exposes valid user information to any entity on the network. | |||||
| CVE-1999-0535 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 10.0 HIGH | N/A |
| A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. | |||||
| CVE-1999-0519 | 1 Microsoft | 4 Outlook, Windows 2000, Windows 95 and 1 more | 2008-09-09 | 7.5 HIGH | N/A |
| A NETBIOS/SMB share password is the default, null, or missing. | |||||
| CVE-1999-0504 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 7.5 HIGH | N/A |
| A Windows NT local user or administrator account has a default, null, blank, or missing password. | |||||
| CVE-1999-0503 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 7.2 HIGH | N/A |
| A Windows NT local user or administrator account has a guessable password. | |||||
| CVE-1999-0499 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 7.5 HIGH | N/A |
| NETBIOS share information may be published through SNMP registry keys in NT. | |||||
| CVE-1999-0511 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 7.5 HIGH | N/A |
| IP forwarding is enabled on a machine which is not a router or firewall. | |||||
| CVE-1999-0506 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 7.2 HIGH | N/A |
| A Windows NT domain user or administrator account has a default, null, blank, or missing password. | |||||
| CVE-1999-0249 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 7.2 HIGH | N/A |
| Windows NT RSHSVC program allows remote users to execute arbitrary commands. | |||||
| CVE-1999-0534 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 4.6 MEDIUM | N/A |
| A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input. | |||||
| CVE-1999-0505 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 7.2 HIGH | N/A |
| A Windows NT domain user or administrator account has a guessable password. | |||||
| CVE-1999-0391 | 1 Microsoft | 3 Terminal Server, Windows 2000, Windows Nt | 2008-09-09 | 7.5 HIGH | N/A |
| The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user. | |||||
| CVE-1999-0153 | 2 Microsoft, Sco | 4 Windows 2000, Windows 95, Windows Nt and 1 more | 2008-09-09 | 5.0 MEDIUM | N/A |
| Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke. | |||||
| CVE-1999-0572 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 9.3 HIGH | N/A |
| .reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks. | |||||
| CVE-2007-6043 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 7.1 HIGH | N/A |
| The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898. | |||||
| CVE-2005-3168 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 7.5 HIGH | N/A |
| The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template. | |||||
| CVE-2005-3175 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 7.2 HIGH | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator. | |||||
| CVE-2005-3176 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 7.5 HIGH | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection. | |||||
| CVE-2005-3171 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 4.6 MEDIUM | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings. | |||||
| CVE-2005-3173 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 4.6 MEDIUM | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions. | |||||
| CVE-2005-3169 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection. | |||||
| CVE-2005-3170 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 5.1 MEDIUM | N/A |
| The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site. | |||||
| CVE-2005-3174 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 4.6 MEDIUM | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long. | |||||
| CVE-2005-3177 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2008-09-05 | 4.6 MEDIUM | N/A |
| CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed. | |||||
| CVE-2005-3172 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 5.0 MEDIUM | N/A |
| The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks. | |||||
| CVE-2004-0540 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 10.0 HIGH | N/A |
| Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain. | |||||
| CVE-2001-1519 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 3.6 LOW | N/A |
| ** DISPUTED ** RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it. | |||||
| CVE-2001-0324 | 1 Microsoft | 2 Windows 2000, Windows 98 | 2008-09-05 | 2.6 LOW | N/A |
| Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash. | |||||
| CVE-1999-1358 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-05 | 4.6 MEDIUM | N/A |
| When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only. | |||||