VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2000-0580Jun 30, 2000
    risk 0.04cvss epss 0.17

    Windows 2000 Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros to various TCP and UDP ports, which significantly increases the CPU utilization.

  • CVE-2000-0400May 13, 2000
    risk 0.04cvss epss 0.07

    The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post.

  • CVE-2000-0347May 2, 2000
    risk 0.04cvss epss 0.18

    Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name.

  • CVE-2000-0256Apr 19, 2000
    risk 0.04cvss epss 0.12

    Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability.

  • CVE-2000-0260Apr 14, 2000
    risk 0.04cvss epss 0.14

    Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.

  • CVE-2000-0200Mar 6, 2000
    risk 0.04cvss epss 0.16

    Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability.

  • CVE-2000-0156Feb 16, 2000
    risk 0.04cvss epss 0.13

    Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.

  • CVE-2000-0114Feb 2, 2000
    risk 0.04cvss epss 0.48

    Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.

  • CVE-2000-0098Jan 26, 2000
    risk 0.04cvss epss 0.49

    Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.

  • CVE-1999-0981Dec 8, 1999
    risk 0.04cvss epss 0.13

    Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."

  • CVE-1999-0989Dec 6, 1999
    risk 0.04cvss epss 0.12

    Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.

  • CVE-1999-0819Dec 1, 1999
    risk 0.04cvss epss 0.16

    NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.

  • CVE-1999-0793Nov 17, 1999
    risk 0.04cvss epss 0.13

    Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.

  • CVE-1999-1110Nov 14, 1999
    risk 0.04cvss epss 0.10

    Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client.

  • CVE-2000-0330Nov 12, 1999
    risk 0.04cvss epss 0.15

    The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability.

  • CVE-2000-0329Nov 11, 1999
    risk 0.04cvss epss 0.08

    A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.

  • CVE-1999-0877Oct 1, 1999
    risk 0.04cvss epss 0.18

    Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.

  • CVE-1999-0750Sep 13, 1999
    risk 0.04cvss epss 0.09

    Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account.

  • CVE-1999-0669Sep 1, 1999
    risk 0.04cvss epss 0.08

    The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.

  • CVE-1999-1016Aug 27, 1999
    risk 0.04cvss epss 0.08

    Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as…

  • CVE-1999-0749Aug 16, 1999
    risk 0.04cvss epss 0.08

    Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.

  • CVE-1999-0875Aug 11, 1999
    risk 0.04cvss epss 0.18

    DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.

  • CVE-1999-0224Jul 23, 1999
    risk 0.04cvss epss 0.17

    Denial of service in Windows NT messenger service through a long username.

  • CVE-1999-0140Jun 30, 1999
    risk 0.04cvss epss 0.14

    Denial of service in RAS/PPTP on NT systems.

  • CVE-1999-0755May 27, 1999
    risk 0.04cvss epss 0.16

    Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.

  • CVE-1999-1520May 11, 1999
    risk 0.04cvss epss 0.11

    A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information.

  • CVE-1999-1033May 11, 1999
    risk 0.04cvss epss 0.17

    Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang.

  • CVE-1999-0487May 1, 1999
    risk 0.04cvss epss 0.13

    The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.

  • CVE-1999-0412Feb 19, 1999
    risk 0.04cvss epss 0.10

    In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.

  • CVE-1999-1453Feb 2, 1999
    risk 0.04cvss epss 0.11

    Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.

  • CVE-1999-0449Jan 26, 1999
    risk 0.04cvss epss 0.50

    The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.

  • CVE-1999-0869Dec 1, 1998
    risk 0.04cvss epss 0.17

    Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.

  • CVE-1999-0506Oct 1, 1998
    risk 0.04cvss epss 0.17

    A Windows NT domain user or administrator account has a default, null, blank, or missing password.

  • CVE-1999-0284Jan 1, 1998
    risk 0.04cvss epss 0.12

    Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.

  • CVE-1999-0294Oct 1, 1997
    risk 0.04cvss epss 0.14

    All records in a WINS database can be deleted through SNMP for a denial of service.

  • CVE-1999-0281Jun 1, 1997
    risk 0.04cvss epss 0.13

    Denial of service in IIS using long URLs.

  • CVE-1999-0562Jan 1, 1997
    risk 0.04cvss epss 0.11

    The registry in Windows NT can be accessed remotely by users who are not administrators.

  • CVE-1999-0233Feb 25, 1996
    risk 0.04cvss epss 0.16

    IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.

  • CVE-2026-21244Feb 10, 2026
    risk 0.03cvss epss 0.01

    Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

  • CVE-2026-21250Feb 10, 2026
    risk 0.03cvss epss 0.01

    Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

  • CVE-2026-21248Feb 10, 2026
    risk 0.03cvss epss 0.01

    Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

  • CVE-2019-0539HigJan 8, 2019
    risk 0.03cvss 7.5epss 0.83

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567,…

  • CVE-2015-6174Dec 9, 2015
    risk 0.03cvss epss 0.03

    The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka…

  • CVE-2015-6173Dec 9, 2015
    risk 0.03cvss epss 0.03

    The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka…

  • CVE-2015-6171Dec 9, 2015
    risk 0.03cvss epss 0.03

    The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka…

  • CVE-2015-6102Nov 11, 2015
    risk 0.03cvss epss 0.04

    The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and…

  • CVE-2015-6101Nov 11, 2015
    risk 0.03cvss epss 0.03

    The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka…

  • CVE-2015-6100Nov 11, 2015
    risk 0.03cvss epss 0.03

    The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka…

  • CVE-2015-6098Nov 11, 2015
    risk 0.03cvss epss 0.04

    Buffer overflow in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows NDIS Elevation of Privilege…

  • CVE-2015-6038Nov 11, 2015
    risk 0.03cvss epss 0.36

    Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to…

Page 218 of 287