VYPR

Active Directory Services

by Microsoft

CVEs (38)

  • CVE-2008-5112Nov 17, 2008
    risk 0.05cvss epss 0.20

    The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a…

  • CVE-2013-3868Sep 11, 2013
    risk 0.03cvss epss 0.38

    Microsoft Active Directory Lightweight Directory Service (AD LDS) on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 and Active Directory Services on Windows Server 2008 SP2 and R2 SP1 and Server 2012 allow remote attackers to cause a denial…

  • CVE-2009-1139Jun 10, 2009
    risk 0.03cvss epss 0.39

    Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service…

  • CVE-2009-1138Jun 10, 2009
    risk 0.03cvss epss 0.39

    The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to…

  • CVE-2008-4023Oct 15, 2008
    risk 0.03cvss epss 0.39

    Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."

  • CVE-2007-0040Jul 10, 2007
    risk 0.03cvss epss 0.39

    The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an…

  • CVE-2007-3028Jul 10, 2007
    risk 0.03cvss epss 0.40

    The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client…

  • CVE-2013-1282Apr 9, 2013
    risk 0.02cvss epss 0.27

    The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attackers to cause a denial of service (memory consumption and service outage) via a…

  • CVE-2011-0040Feb 9, 2011
    risk 0.02cvss epss 0.23

    The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers…

  • CVE-2009-1928Nov 11, 2009
    risk 0.02cvss epss 0.30

    Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight…

  • CVE-2008-1445Jun 12, 2008
    risk 0.02cvss epss 0.27

    Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.

  • CVE-2008-0088Feb 12, 2008
    risk 0.02cvss epss 0.29

    Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.

  • CVE-2003-0507Aug 7, 2003
    risk 0.02cvss epss 0.27

    Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other…

  • CVE-2025-29968May 13, 2025
    risk 0.01cvss epss 0.02

    Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network.

  • CVE-2025-21351Feb 11, 2025
    risk 0.01cvss epss 0.02

    Windows Active Directory Domain Services API Denial of Service Vulnerability

  • CVE-2015-2535Sep 9, 2015
    risk 0.01cvss epss 0.12

    Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service outage) by creating multiple machine accounts, aka "Active Directory Denial of Service Vulnerability."

  • CVE-2011-2014Nov 8, 2011
    risk 0.01cvss epss 0.11

    The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2,…

  • CVE-2025-27740Apr 8, 2025
    risk 0.00cvss epss 0.03

    Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network.

Page 2 of 2