Windows 2003 Server Security Vulnerabilities and Issues — Page 2 of Windows 2003 Server CVE List

Lucene search

MicrosoftWindows 2003 Server

84 matches found

CVE•added 2011/01/07 12:0 p.m.•49 views

CVE-2010-4669

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) mess...

7.8CVSS7.2AI score0.07851EPSS

CVE•added 2011/02/10 4:0 p.m.•49 views

CVE-2011-0033

The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitra...

9.3CVSS7.6AI score0.2718EPSS

CVE•added 2011/02/09 1:0 a.m.•49 views

CVE-2011-0089

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka ...

7.2CVSS6.4AI score0.00859EPSS

CVE•added 2011/04/13 6:55 p.m.•49 views

CVE-2011-0667

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application th...

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/04/13 8:26 p.m.•49 views

CVE-2011-1225

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer deref...

7.2CVSS6.4AI score0.00827EPSS

CVE•added 2011/07/13 11:55 p.m.•49 views

CVE-2011-1283

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and w...

7.2CVSS6.5AI score0.00773EPSS

CVE•added 2011/06/16 8:55 p.m.•49 views

CVE-2011-1868

The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."

10CVSS7.5AI score0.34714EPSS

CVE•added 2011/02/09 1:0 a.m.•48 views

CVE-2011-0030

The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout...

4.7CVSS6.1AI score0.01728EPSS

CVE•added 2011/04/13 6:55 p.m.•48 views

CVE-2011-0660

The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Respon...

9.3CVSS7.5AI score0.4891EPSS

CVE•added 2011/04/13 8:26 p.m.•48 views

CVE-2011-1234

7.2CVSS6.4AI score0.00639EPSS

CVE•added 2011/04/13 8:26 p.m.•48 views

CVE-2011-1239

7.2CVSS6.4AI score0.00623EPSS

CVE•added 2011/07/13 11:55 p.m.•48 views

CVE-2011-1883

7.2CVSS6.5AI score0.0061EPSS

CVE•added 2011/02/09 1:0 a.m.•47 views

CVE-2011-0086

7.2CVSS6.4AI score0.01164EPSS

CVE•added 2011/04/13 8:26 p.m.•47 views

CVE-2011-1235

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/04/13 8:26 p.m.•47 views

CVE-2011-1241

7.2CVSS6.4AI score0.0061EPSS

CVE•added 2011/08/10 9:55 p.m.•47 views

CVE-2011-1968

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) wa...

7.1CVSS6.6AI score0.74889EPSS

CVE•added 2011/02/09 1:0 a.m.•46 views

CVE-2011-0088

7.2CVSS6.3AI score0.00584EPSS

CVE•added 2011/04/13 8:26 p.m.•46 views

CVE-2011-1226

7.2CVSS6.4AI score0.00845EPSS

CVE•added 2011/04/13 8:26 p.m.•46 views

CVE-2011-1228

7.2CVSS6.4AI score0.00845EPSS

CVE•added 2011/04/13 8:26 p.m.•46 views

CVE-2011-1236

7.8CVSS6.5AI score0.01027EPSS

CVE•added 2011/04/13 8:26 p.m.•46 views

CVE-2011-1237

7.2CVSS6.4AI score0.01624EPSS

CVE•added 2011/07/13 11:55 p.m.•46 views

CVE-2011-1878

7.2CVSS6.5AI score0.0061EPSS

CVE•added 2011/07/13 11:55 p.m.•46 views

CVE-2011-1879

7.2CVSS6.5AI score0.0061EPSS

CVE•added 2011/04/13 8:26 p.m.•45 views

CVE-2011-0675

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/07/13 11:55 p.m.•45 views

CVE-2011-1884

7.2CVSS6.5AI score0.0061EPSS

CVE•added 2011/02/09 1:0 a.m.•44 views

CVE-2011-0039

The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."

7.2CVSS6.6AI score0.0128EPSS

CVE•added 2011/04/13 6:55 p.m.•44 views

CVE-2011-0665

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/04/13 8:26 p.m.•44 views

CVE-2011-1233

7.2CVSS6.4AI score0.00845EPSS

CVE•added 2011/02/09 1:0 a.m.•43 views

CVE-2011-0040

The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka...

5CVSS6.6AI score0.40229EPSS

CVE•added 2011/02/10 4:0 p.m.•43 views

CVE-2011-0043

Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."

7.2CVSS6.4AI score0.00651EPSS

CVE•added 2011/04/13 8:26 p.m.•43 views

CVE-2011-0674

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/04/13 8:26 p.m.•43 views

CVE-2011-1232

7.2CVSS6.4AI score0.00845EPSS

CVE•added 2011/04/13 6:55 p.m.•42 views

CVE-2011-0666

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/06/16 8:55 p.m.•41 views

CVE-2011-1264

Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certific...

4.3CVSS5.7AI score0.02977EPSS

Total number of security vulnerabilities84