LiveActive security incident?Get immediate response
CVE archive

December 2000

Browse CVE records published in December 2000, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 7 of 57 matching CVEs · Page 2 of 2.

Unknown · CVSS Not scored

CVE-2000-1083: The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly res...

The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Published Dec 19, 2000 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2000-1087: The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not...

The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Published Dec 19, 2000 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2000-1039: Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flood...

Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. NOTE: this candidate may change significantly as the security community discusses the technical nature of NAPTHA and learns more about the affected applications. This candidate is at a higher level of abstraction than is typical for CVE.

Published Dec 19, 2000 · Updated Aug 8, 2024