U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Windows
  • Search Type: Search All
  • CPE Name Search: false
There are 12,195 matching records.
Displaying matches 11,961 through 11,980.
Vuln ID Summary CVSS Severity
CVE-2001-1116

Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display.

Published: August 02, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2001-1055

The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke.

Published: July 30, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-1288

Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.

Published: July 27, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2001-0018

Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests.

Published: July 21, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-0345

Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.

Published: July 21, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-0346

Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.

Published: July 21, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-0347

Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.

Published: July 21, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2001-0348

Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.

Published: July 21, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-0349

Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.

Published: July 21, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2001-0350

Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.

Published: July 21, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2001-0351

Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.

Published: July 21, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2001-0502

Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users.

Published: July 21, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2001-0513

Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port.

Published: July 21, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-1302

The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function.

Published: July 18, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2001-1238

Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.

Published: July 16, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2001-0241

Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.

Published: June 27, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2001-0242

Buffer overflows in Microsoft Windows Media Player 7 and earlier allow remote attackers to execute arbitrary commands via (1) a long version tag in an .ASX file, or (2) a long banner tag, a variant of the ".ASX Buffer Overrun" vulnerability as discussed in MS:MS00-090.

Published: June 27, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2001-0243

Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers to read certain files.

Published: June 27, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-0245

Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.

Published: June 27, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-0364

SSH Communications Security sshd 2.4 for Windows allows remote attackers to create a denial of service via a large number of simultaneous connections.

Published: June 27, 2001; 12:00:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM