Export limit exceeded: 25543 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25543 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0283 | 1 Microsoft | 1 Windows Xp | 2026-04-16 | N/A |
| Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data. | ||||
| CVE-2002-0285 | 1 Microsoft | 1 Outlook Express | 2026-04-16 | N/A |
| Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers. | ||||
| CVE-2002-0079 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. | ||||
| CVE-2002-0075 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. | ||||
| CVE-2002-0074 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. | ||||
| CVE-2002-0073 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. | ||||
| CVE-2002-0078 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability. | ||||
| CVE-2001-1450 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./". | ||||
| CVE-2001-1451 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests. | ||||
| CVE-2001-1452 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | 7.5 High |
| By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses. | ||||
| CVE-2001-1489 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. | ||||
| CVE-2001-1497 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack. | ||||
| CVE-2001-1515 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | 7.5 High |
| Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended. | ||||
| CVE-2001-1517 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information | ||||
| CVE-2001-1518 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability. | ||||
| CVE-2001-1519 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it | ||||
| CVE-2001-1533 | 1 Microsoft | 1 Isa Server | 2026-04-16 | 5.3 Medium |
| Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE | ||||
| CVE-2001-1539 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Stack consumption vulnerability in Internet Explorer The JavaScript settimeout function in Internet Explorer allows remote attackers to cause a denial of service (crash) via the JavaScript settimeout function. NOTE: the vendor could not reproduce the problem. | ||||
| CVE-2001-1547 | 1 Microsoft | 1 Outlook Express | 2026-04-16 | N/A |
| Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code. | ||||
| CVE-2001-1552 | 1 Microsoft | 1 Windows Me | 2026-04-16 | N/A |
| ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced. | ||||