Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MicrosoftWindows Server 2008

3407 matches found

CVE
CVEadded 2010/06/08 10:30 p.m.67 views

CVE-2010-0485

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute...

7.8CVSS6.7AI score0.00965EPSS
CVE
CVEadded 2013/04/09 10:55 p.m.67 views

CVE-2013-1292

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of...

7.4CVSS6.4AI score0.00215EPSS
CVE
CVEadded 2014/06/11 4:56 a.m.67 views

CVE-2014-1817

usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting ...

9.3CVSS8.6AI score0.44437EPSS
CVE
CVEadded 2015/03/11 10:59 a.m.67 views

CVE-2015-0073

The Windows Registry Virtualization feature in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict changes to virtual stores, which allows local ...

7.2CVSS6.3AI score0.04632EPSS
CVE
CVEadded 2015/04/14 8:59 p.m.67 views

CVE-2015-1643

Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted appl...

7.2CVSS6.4AI score0.02327EPSS
CVE
CVEadded 2015/06/10 1:59 a.m.67 views

CVE-2015-1756

Use-after-free vulnerability in Microsoft Common Controls in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows user-assisted remote attackers to execute arbitrary code via a cra...

9.3CVSS7.4AI score0.44309EPSS
CVE
CVEadded 2015/09/09 12:59 a.m.67 views

CVE-2015-2507

The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevat...

7.2CVSS6.3AI score0.07689EPSS
CVE
CVEadded 2015/11/11 12:59 p.m.67 views

CVE-2015-6095

Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles password changes, which allows physically proximate attackers to bypass authenticatio...

4.9CVSS6.6AI score0.06476EPSS
CVE
CVEadded 2017/03/17 12:59 a.m.67 views

CVE-2017-0126

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-...

4.3CVSS4.5AI score0.13744EPSS
CVE
CVEadded 2017/07/11 9:29 p.m.67 views

CVE-2017-8486

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka "Win32k Information Disclosure Vulner...

4.7CVSS5AI score0.01433EPSS
CVE
CVEadded 2017/06/29 1:29 p.m.67 views

CVE-2017-8554

The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially crafted application.

4.7CVSS4.5AI score0.0127EPSS
CVE
CVEadded 2017/10/13 1:29 p.m.67 views

CVE-2017-8694

The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to prope...

7CVSS8AI score0.01133EPSS
CVE
CVEadded 2018/01/04 2:29 p.m.67 views

CVE-2018-0741

The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Microsoft Color Management Information Disclosure Vulnerability".

5.3CVSS5AI score0.17734EPSS
CVE
CVEadded 2018/02/15 2:29 a.m.67 views

CVE-2018-0760

The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2012 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". Thi...

5.5CVSS4.5AI score0.10128EPSS
CVE
CVEadded 2019/07/29 1:47 p.m.67 views

CVE-2019-1099

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116.

6.5CVSS6.1AI score0.12437EPSS
CVE
CVEadded 2019/08/14 9:15 p.m.67 views

CVE-2019-1154

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system.There are multiple ways an attacker could exploit th...

5.5CVSS5.2AI score0.00725EPSS
CVE
CVEadded 2021/12/15 3:15 p.m.67 views

CVE-2021-43245

Windows Digital TV Tuner Elevation of Privilege Vulnerability

7.8CVSS8.6AI score0.0015EPSS
CVE
CVEadded 2023/12/12 6:15 p.m.67 views

CVE-2023-36012

DHCP Server Service Information Disclosure Vulnerability

5.3CVSS6.5AI score0.00491EPSS
CVE
CVEadded 2025/05/13 5:15 p.m.67 views

CVE-2025-29837

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.

5.5CVSS6.7AI score0.00074EPSS
CVE
CVEadded 2009/10/14 10:30 a.m.66 views

CVE-2009-2511

Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via...

7.5CVSS6.5AI score0.07123EPSS
CVE
CVEadded 2010/10/13 7:0 p.m.66 views

CVE-2010-2744

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindow...

7.2CVSS6.1AI score0.03606EPSS
CVE
CVEadded 2011/04/13 8:26 p.m.66 views

CVE-2011-1231

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer deref...

8.4CVSS6.4AI score0.00702EPSS
CVE
CVEadded 2015/02/11 3:0 a.m.66 views

CVE-2015-0010

The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gol...

1.9CVSS6.2AI score0.01313EPSS
CVE
CVEadded 2015/06/10 1:59 a.m.66 views

CVE-2015-1727

Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted ...

7.2CVSS6.8AI score0.1703EPSS
CVE
CVEadded 2015/08/15 12:59 a.m.66 views

CVE-2015-2428

Object Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels during interaction with object symbolic links that originated in a ...

2.1CVSS6.4AI score0.01042EPSS
CVE
CVEadded 2015/08/15 12:59 a.m.66 views

CVE-2015-2429

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified registry actions via a crafted applicati...

9.3CVSS6.5AI score0.05306EPSS
CVE
CVEadded 2015/08/15 12:59 a.m.66 views

CVE-2015-2461

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted Ope...

9.3CVSS7.3AI score0.54061EPSS
CVE
CVEadded 2015/09/09 12:59 a.m.66 views

CVE-2015-2528

Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege Vulnerability," a dif...

7.2CVSS6.3AI score0.12637EPSS
CVE
CVEadded 2015/10/14 1:59 a.m.66 views

CVE-2015-2549

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulne...

7.2CVSS6.3AI score0.0205EPSS
CVE
CVEadded 2015/12/09 11:59 a.m.66 views

CVE-2015-6126

Race condition in the Pragmatic General Multicast (PGM) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gai...

7.2CVSS6.6AI score0.00649EPSS
CVE
CVEadded 2017/06/15 1:29 a.m.66 views

CVE-2017-8473

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Informat...

5CVSS4.7AI score0.15731EPSS
CVE
CVEadded 2017/08/08 9:29 p.m.66 views

CVE-2017-8593

Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka ...

7CVSS7.5AI score0.00972EPSS
CVE
CVEadded 2023/12/12 6:15 p.m.66 views

CVE-2023-36005

Windows Telephony Server Elevation of Privilege Vulnerability

8.1CVSS8AI score0.08837EPSS
CVE
CVEadded 2024/09/10 5:15 p.m.66 views

CVE-2024-38234

Windows Networking Denial of Service Vulnerability

6.5CVSS7.8AI score0.0048EPSS
CVE
CVEadded 2025/01/14 6:15 p.m.66 views

CVE-2025-21272

Windows COM Server Information Disclosure Vulnerability

6.5CVSS6.3AI score0.0009EPSS
CVE
CVEadded 2009/06/10 6:0 p.m.65 views

CVE-2009-0229

The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."

4.9CVSS7AI score0.03494EPSS
CVE
CVEadded 2010/01/13 7:30 p.m.65 views

CVE-2010-0018

Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via comp...

9.3CVSS7.7AI score0.65957EPSS
CVE
CVEadded 2010/02/10 6:30 p.m.65 views

CVE-2010-0252

The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remot...

9.3CVSS7.4AI score0.42858EPSS
CVE
CVEadded 2010/04/14 4:0 p.m.65 views

CVE-2010-0487

The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does n...

9.3CVSS7.6AI score0.43076EPSS
CVE
CVEadded 2010/05/07 6:30 p.m.65 views

CVE-2010-1690

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earl...

6.4CVSS6AI score0.54363EPSS
CVE
CVEadded 2011/08/10 9:55 p.m.65 views

CVE-2011-1967

Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process de...

7.2CVSS6.4AI score0.00214EPSS
CVE
CVEadded 2012/07/10 9:55 p.m.65 views

CVE-2012-1870

The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a thi...

4.3CVSS6.4AI score0.10507EPSS
CVE
CVEadded 2013/01/09 6:9 p.m.65 views

CVE-2013-0008

win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted applica...

7.2CVSS6.2AI score0.17562EPSS
CVE
CVEadded 2013/04/09 10:55 p.m.65 views

CVE-2013-1293

The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling o...

6.9CVSS6.5AI score0.00775EPSS
CVE
CVEadded 2015/07/14 9:59 p.m.65 views

CVE-2015-2374

The Netlogon service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly implement domain-controller communication, which allows remote attackers to discover credentials by leveraging certain PDC access and spoof...

3.3CVSS6.6AI score0.02079EPSS
CVE
CVEadded 2015/08/15 12:59 a.m.65 views

CVE-2015-2465

The Windows shell in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a c...

2.1CVSS6.4AI score0.00613EPSS
CVE
CVEadded 2015/08/15 12:59 a.m.65 views

CVE-2015-2474

Microsoft Windows Vista SP2 and Server 2008 SP2 allow remote authenticated users to execute arbitrary code via a crafted string in a Server Message Block (SMB) server error-logging action, aka "Server Message Block Memory Corruption Vulnerability."

9CVSS7.3AI score0.34555EPSS
CVE
CVEadded 2015/09/09 12:59 a.m.65 views

CVE-2015-2513

Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vul...

9.3CVSS7.4AI score0.23095EPSS
CVE
CVEadded 2015/09/09 12:59 a.m.65 views

CVE-2015-2516

Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (data loss) via a crafted .jnt file, aka "Windows ...

4.3CVSS6.5AI score0.1678EPSS
CVE
CVEadded 2015/09/09 12:59 a.m.65 views

CVE-2015-2530

Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vul...

9.3CVSS7.4AI score0.23095EPSS
Total number of security vulnerabilities3407