| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol." |
| Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters. |
| Land IP denial of service. |
| Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. |
| Windows NT RSHSVC program allows remote users to execute arbitrary commands. |
| Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection. |
| The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user. |
| The Windows NT guest account is enabled. |
| A system-critical Windows NT file or directory has inappropriate permissions. |
| Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. |
| .reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks. |
| A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. |
| The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions. |
| A Windows NT administrator account has the default name of Administrator. |
| A version of finger is running that exposes valid user information to any entity on the network. |
| The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability." |
| After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. |
| A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. |
| Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries. |
| Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. |
