Windows 95
Sign in to watchby Microsoft
CVEs (46)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-1999-0256 | 0.09 | — | 0.81 | Feb 1, 1998 | Buffer overflow in War FTP allows remote execution of commands. | ||
| CVE-1999-0016 | 0.09 | — | 0.81 | Dec 1, 1997 | Land IP denial of service. | ||
| CVE-2000-0305 | 0.06 | — | 0.41 | May 19, 2000 | Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability. | ||
| CVE-2000-0347 | 0.06 | — | 0.36 | May 2, 2000 | Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name. | ||
| CVE-1999-0875 | 0.06 | — | 0.39 | Aug 11, 1999 | DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes. | ||
| CVE-1999-0918 | 0.06 | — | 0.41 | Jul 3, 1999 | Denial of service in various Windows systems via malformed, fragmented IGMP packets. | ||
| CVE-2000-0330 | 0.05 | — | 0.23 | Nov 12, 1999 | The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability. | ||
| CVE-1999-0749 | 0.05 | — | 0.21 | Aug 16, 1999 | Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument. | ||
| CVE-1999-0153 | 0.05 | — | 0.19 | Jul 1, 1997 | Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke. | ||
| CVE-2002-0053 | 0.04 | — | 0.49 | Mar 8, 2002 | Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available. | ||
| CVE-2000-1039 | 0.04 | — | 0.45 | Jan 9, 2001 | Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. NOTE: this candidate may change significantly as the security community discusses the technical nature of NAPTHA and learns more about the affected applications. This candidate is at a higher level of abstraction than is typical for CVE. | ||
| CVE-2000-0979 | 0.04 | — | 0.12 | Dec 19, 2000 | File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability. | ||
| CVE-2000-0168 | 0.04 | — | 0.17 | Mar 4, 2000 | Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability. | ||
| CVE-1999-1105 | 0.04 | — | 0.49 | Dec 31, 1999 | Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive. | ||
| CVE-1999-0015 | 0.04 | — | 0.13 | Dec 16, 1997 | Teardrop IP denial of service. | ||
| CVE-2000-0155 | 0.03 | — | 0.02 | Feb 18, 2000 | Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive. | ||
| CVE-2000-0129 | 0.03 | — | 0.00 | Feb 4, 2000 | Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file. | ||
| CVE-1999-0975 | 0.03 | — | 0.00 | Dec 10, 1999 | The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed. | ||
| CVE-2000-0742 | 0.02 | — | 0.19 | Oct 20, 2000 | The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability. | ||
| CVE-2000-1079 | 0.02 | — | 0.21 | Aug 29, 2000 | Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram. |