Windows 98 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (109 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2000-0979	1 Microsoft	4 Windows 95, Windows 98, Windows 98se and 1 more	2026-04-16	N/A
File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability.
CVE-2000-1003	1 Microsoft	3 Windows 95, Windows 98, Windows 98se	2026-04-16	N/A
NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash.
CVE-2004-0901	1 Microsoft	7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more	2026-04-16	N/A
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.
CVE-2006-2376	1 Microsoft	3 Windows 98, Windows 98se, Windows Me	2026-04-16	N/A
Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) or EMF image with a sum of entries in the vertext counts array and number of polygons that triggers a heap-based buffer overflow.
CVE-2004-0571	1 Microsoft	7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more	2026-04-16	N/A
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.
CVE-2004-0597	3 Greg Roelofs, Microsoft, Redhat	7 Libpng, Msn Messenger, Windows 98se and 4 more	2026-04-16	N/A
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
CVE-2001-0238	1 Microsoft	6 Windows 2000, Windows 95, Windows 98 and 3 more	2026-04-16	N/A
Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.
CVE-2004-0230	7 Juniper, Mcafee, Microsoft and 4 more	12 Junos, Network Data Loss Prevention, Windows 2000 and 9 more	2025-05-02	N/A
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
CVE-2020-5674	2 Epson, Microsoft	37 Album Print, Color Calibration Utility, Colorbase and 34 more	2024-11-21	7.8 High
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

« first previous Page 6 of 6.