Lucene search
K
MicrosoftWindows Server 2008*

686 matches found

CVE
CVE
added 2022/04/15 7:3 p.m.1487 views

CVE-2022-24521

CVE-2022-24521 is a Windows Windows Common Log File System Driver Privilege Escalation vulnerability. The CVE entry reports an elevation-of-privilege flaw in the CLFS driver; CVSS scores shown include a 2.0/2.0 base (MEDIUM) on NVD and a 3.1-based HIGH score from Microsoft, both indicating local ...

7.8CVSS8.9AI score0.07304EPSS
In wild
CVE
CVE
added 2022/04/15 7:5 p.m.1119 views

CVE-2022-26904

CVE-2022-26904 is a Windows User Profile Service Elevation of Privilege vulnerability. The issue is a race-condition–driven LPE in the User Profile Service, with attacker-controlled code execution at SYSTEM granted by bypasses and PoCs described in public sources. A Metasploit module exists for t...

7CVSS8.2AI score0.09817EPSS
In wild
CVE
CVE
added 2011/12/30 1:0 a.m.862 views

CVE-2011-3416

CVE-2011-3416 affects Microsoft .NET Framework's ASP.NET Forms Authentication, allowing remote authenticated users to obtain access to arbitrary user accounts via a crafted username. Affected: .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0. The issue is addressed by MS11-100; vulnerable...

8.5CVSS6AI score0.45576EPSS
CVE
CVE
added 2009/09/08 10:0 p.m.713 views

CVE-2009-3103

CVE-2009-3103 affects SMBv2 in srv2.sys on Windows Vista (Gold, SP1, SP2), Windows Server 2008 (Gold, SP2), and Windows 7 RC. Description and NSE/script references describe an out-of-bounds/array indexing issue in the SMB Negotiation protocol handling (ProcessID High header) that can allow remote...

10CVSS9.4AI score0.90121EPSS
CVE
CVE
added 2022/04/15 7:4 p.m.695 views

CVE-2022-26809

CVE-2022-26809 is a Windows RPC Runtime Remote Code Execution vulnerability. Public material in the connected documents indicates an unauthenticated remote attacker can trigger code execution by sending a crafted RPC call, with the real vulnerability located in OSF_CASSOCIATION::ProcessBindAckOrN...

10CVSS9.6AI score0.91316EPSS
CVE
CVE
added 2016/04/12 11:0 p.m.479 views

CVE-2016-0128

Technical details about CVE-2016-0128 are not provided in the connected documents. The initial description mentions Badlock affecting Windows SAM/LSAD, but no explicit exploit vectors, affected products, or fixes are given here. Monitor for updates.

6.8CVSS6.4AI score0.20877EPSS
CVE
CVE
added 2022/04/15 7:3 p.m.385 views

CVE-2022-24481

CVE-2022-24481 is a Windows Common Log File System Driver elevation-of-privilege vulnerability. The connected exploit reports describe a memory/counterpart corruption involving CLFS_CONTAINER_CONTEXT.pContainer that can be triggered from CClfsContainer::Close by modifying CLFS_BASE_RECORD_HEADER....

7.8CVSS8.6AI score0.17108EPSS
In wild
CVE
CVE
added 2012/03/13 9:0 p.m.351 views

CVE-2012-0002

CVE-2012-0002 is a Remote Desktop Protocol memory-processing vulnerability in affected Windows platforms (Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2, Windows 7 SP1). The flaw permits remote code execution by sending specially crafted RDP packets tha...

9.3CVSS9.5AI score0.73924EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.350 views

CVE-2017-0055

CVE-2017-0055 refers to a cross-site scripting (XSS) elevation-of-privilege vulnerability in Microsoft Internet Information Services (IIS). The issue affects IIS on multiple Windows platforms (Vista through Windows Server 2016) and allows a remote attacker to craft a request that can execute scri...

6.1CVSS5.4AI score0.16369EPSS
CVE
CVE
added 2011/11/08 9:0 p.m.327 views

CVE-2011-2016

CVE-2011-2016 describes an untrusted search path vulnerability in Windows Mail and Windows Meeting Space, affecting Windows Vista SP2, Windows Server 2008 SP2, R2 and R2 SP1, and Windows 7 (Gold and SP1). The root cause is loading a Trojan horse DLL from the current working directory when opening...

9.3CVSS6.4AI score0.08103EPSS
CVE
CVE
added 2022/04/15 7:3 p.m.298 views

CVE-2022-24500

CVE-2022-24500 is a Windows SMB Remote Code Execution vulnerability. Connected exploit posts provide concrete steps and code to launch a Windows SMB-based RCE, requiring the target to interact with a malicious server/share over SMB (port 445). The GitHub exploits illustrate an end-to-end chain (d...

8.8CVSS9.4AI score0.38165EPSS
CVE
CVE
added 2022/04/15 7:3 p.m.289 views

CVE-2022-24528

CVE-2022-24528 is a Remote Code Execution vulnerability in Windows RPC Runtime. It is a network-exposed issue affecting the Windows RPC runtime, with a high-severity impact (C/H/I/A: high) per CVSS v3.1 (8.8) and a medium base score (6.8) in CVSS v2. The CVSS v3.1 vector indicates network access,...

8.8CVSS9.4AI score0.02435EPSS
CVE
CVE
added 2018/05/09 7:0 p.m.287 views

CVE-2018-8166

The CVE-2018-8166 entry is supported by connected documents describing a Win32k privilege-escalation vulnerability in Windows where the Win32k component mishandles objects in memory, allowing local kernel-mode code execution if exploited. Affected products span multiple Windows versions (e.g., Wi...

7CVSS7.4AI score0.01169EPSS
In wild
CVE
CVE
added 2018/05/09 7:0 p.m.284 views

CVE-2018-8164

CVE-2018-8164 is a Win32k privilege-escalation vulnerability in Windows where the Win32k component fails to properly handle objects in memory. Affected are multiple Windows releases (server and client SKUs listed in the CVE entry). The connected documents corroborate a kernel-mode elevation of pr...

7.8CVSS7.4AI score0.01424EPSS
In wild
CVE
CVE
added 2017/05/12 2:0 p.m.269 views

CVE-2017-0214

CVE-2017-0213 is a Windows Privilege Escalation flaw in the COM Aggregate Marshaler. Reports confirm it enables local elevation of privilege when a specially crafted app is run, affecting Windows client and server SKUs listed in the CVE description. Several connected sources document exploitation...

7CVSS5.9AI score0.03457EPSS
In wild
CVE
CVE
added 2009/10/14 10:0 a.m.268 views

CVE-2009-2524

CVE-2009-2524 refers to an Integer Overflow in LSASS during NTLM authentication in multiple Windows versions. A malformed NTLM packet can cause LSASS to crash and reboot the host, i.e., a denial-of-service condition. Affected software includes Windows XP SP2/SP3, Windows Server 2003 SP2, Windows ...

7.8CVSS6.5AI score0.28261EPSS
CVE
CVE
added 2016/04/12 11:0 p.m.263 views

CVE-2016-0143

CVE-2016-0143 is a Windows Win32k Privilege Escalation vulnerability in the kernel-mode driver (win32k.sys) affecting multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8.1, 2012, RT 8.1, Windows 10 Gold/1511). Root cause: improper handling of objects in memory within the Wi...

7.8CVSS6.8AI score0.03596EPSS
In wild
CVE
CVE
added 2016/08/09 9:0 p.m.260 views

CVE-2016-3308

Technical details for CVE-2016-3308 are not publicly available in the provided documents; monitor for updates.

7.8CVSS7.5AI score0.06418EPSS
In wild
CVE
CVE
added 2017/03/17 12:0 a.m.259 views

CVE-2017-0025

Technical details such as affected products, vulnerable components, impact, and remediation for CVE-2017-0025 are not provided in the connected documents; no publicly disclosed specifics are included here. Monitor for updates.

7.8CVSS6.2AI score0.01835EPSS
In wild
CVE
CVE
added 2017/11/15 3:0 a.m.259 views

CVE-2017-11835

CVE-2017-11835 affects the Microsoft Windows Embedded OpenType (EOT) font engine. The vulnerability exists in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, where specially crafted embedded fonts parsed by the EOT font engine can allow a local attacker who logs on and opens a document to read...

5.5CVSS4.7AI score0.02384EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.253 views

CVE-2017-0047

Technical details about CVE-2017-0047 are not provided in the connected documents. Public information in the Initial Description is limited to an overview; monitor for updates.

7.8CVSS6.2AI score0.01858EPSS
In wild
CVE
CVE
added 2017/07/11 9:0 p.m.244 views

CVE-2017-8563

CVE-2017-8563 is an elevation-of-privilege vulnerability in Windows where Kerberos can fall back to NTLM as the default authentication protocol. The issue is exposed via LDAP/NTLM negotiation and can enable domain‑level credential abuse if NTLM relay occurs. Public documentation notes that follow...

8.1CVSS7.1AI score0.07176EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.234 views

CVE-2011-0657

CVE-2011-0657 affects the DNSAPI.dll DNS client in multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, Windows 7 SP1). Root cause: improper processing of DNS queries by the DNS client, enabling remote attackers to run arbitrary code via (1) a crafted L...

9.8CVSS7.6AI score0.63335EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.230 views

CVE-2016-3311

CVE-2016-3311 is a Windows kernel-mode driver elevation of privilege vulnerability affecting multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8.1, Server 2012, Windows RT 8.1, and Windows 10 variants). The issue arises in Win32k kernel components where a crafted applicatio...

7.8CVSS7.5AI score0.01528EPSS
In wild
CVE
CVE
added 2013/09/11 10:0 a.m.226 views

CVE-2013-0810

CVE-2013-0810 affects Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2. Attackers could trigger remote code execution by delivering a crafted theme file containing a malicious screensaver. The root cause is improper handling of screensaver/theme data, al...

9.3CVSS7.7AI score0.59885EPSS
Web
CVE
CVE
added 2022/04/15 7:5 p.m.226 views

CVE-2022-26903

Technical details about CVE-2022-26903 (affected components, root cause, impact, and fixes) are not provided in the supplied documents. Monitor for updates from Microsoft and CVE databases for official disclosures and remediation information.

9.3CVSS8.8AI score0.02516EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.220 views

CVE-2016-3310

CVE-2016-3310 is a Win32k Elevation of Privilege vulnerability affecting multiple Windows versions. The issue arises in kernel‑mode drivers where improper handling of memory objects enables a local user to execute code with SYSTEM privileges via a crafted application. This is a local, non‑authent...

7.8CVSS7.5AI score0.02628EPSS
In wild
CVE
CVE
added 2009/11/11 7:0 p.m.218 views

CVE-2009-2512

CVE-2009-2512 describes a remote code execution vulnerability in Microsoft Windows WSDAPI (Web Services on Devices API) affecting Windows Vista (Gold, SP1, SP2) and Windows Server 2008 (Gold, SP2). The root cause is memory corruption due to improper processing/validation of WSD message headers (M...

9.8CVSS7.3AI score0.31215EPSS
CVE
CVE
added 2013/08/14 10:0 a.m.216 views

CVE-2013-3175

CVE-2013-3175 is a Windows elevation-of-privilege issue in the handling of asynchronous RPC requests. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT. Root cause...

10CVSS7.5AI score0.27538EPSS
CVE
CVE
added 2022/04/15 7:2 p.m.215 views

CVE-2022-21983

CVE-2022-21983 is a Win32 Stream Enumeration Remote Code Execution vulnerability. The connected sources show an in-scope CVE with a network attack vector and high impact: CVSSv3.1 base score 7.5 (HIGH), with no authentication (NONE) and user interaction required (REQUIRED); confidentiality, integ...

7.5CVSS8.7AI score0.01936EPSS
CVE
CVE
added 2022/04/15 7:5 p.m.213 views

CVE-2022-26831

CVE-2022-26831 : Windows LDAP Denial of Service vulnerability. The vulnerability is described as a Windows LDAP DoS issue with a Network attack vector (no user interaction) and a high-impact on availability (per CVSS v3.1: 7.5, HIGH; CVSS v2: 5.0, MEDIUM). Connected sources confirm the Windows LD...

7.5CVSS8.4AI score0.02973EPSS
CVE
CVE
added 2009/07/29 5:0 p.m.210 views

CVE-2009-2493

CVE-2009-2493 : Microsoft’s ATL vulnerability enables remote code execution when a user loads a specially crafted component/control hosted on a malicious page. The issue is described in MS09-037 (ATL vulnerabilities) and is addressed by Microsoft security bulletin updates; affected products inclu...

9.3CVSS7.2AI score0.43389EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.210 views

CVE-2010-0480

CVE-2010-0480 is a remote code execution vulnerability in Microsoft MPEG Layer-3 codecs. The issue arises from multiple stack-based buffer overflows in the MPEG Layer-3 audio decoders (l3codecx.ax and related ACM codecs) when processing crafted AVI files, affecting Windows 2000 SP4, XP SP2/SP3, S...

9.3CVSS7.5AI score0.67888EPSS
Web
CVE
CVE
added 2022/04/15 7:3 p.m.204 views

CVE-2022-24492

CVE-2022-24492 is a Remote Code Execution vulnerability in Windows RPC Runtime. The connected Akamai blog notes that Windows RPC-related RCE vulnerabilities were patched in Microsoft’s April 2022 Patch Tuesday, including CVE-2022-24492, with patches issued as part of the Windows security updates....

9.3CVSS9.4AI score0.02916EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.201 views

CVE-2017-8582

CVE-2017-8582 affects the HTTP.sys server component in multiple Windows editions. The vulnerability arises from the component’s improper handling of in-memory objects, enabling a remote, unauthenticated attacker to obtain information and potentially facilitate further compromise. The impact is an...

5.9CVSS5.7AI score0.08294EPSS
CVE
CVE
added 2022/04/15 7:3 p.m.195 views

CVE-2022-24530

CVE-2022-24530 is a Windows Installer Elevation of Privilege vulnerability. The NVD entry lists a CVSSv3.1 base score of 7.8 (LOCAL, LOW privileges required, UI NONE, S C changed, impact: HIGH on confidentiality, integrity, and availability). It reflects a local privilege escalation in the Window...

7.8CVSS8.6AI score0.00518EPSS
CVE
CVE
added 2022/04/15 7:4 p.m.194 views

CVE-2022-26801

CVE-2022-26801 is a Windows Print Spooler Elevation of Privilege vulnerability (Local, Low attack complexity; no user interaction required per description). The connected documents show confirmed details on the vulnerability’s existence and CVSS metrics (CVSS 3.1 base score 7.8; confidentiality/i...

7.8CVSS8.6AI score0.0078EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.192 views

CVE-2017-0174

CVE-2017-0174 is a Windows NetBIOS Denial of Service vulnerability. Exploitation involves sending malformed NetBIOS packets to affected Windows versions (Windows 7/8.1/10, Windows Server 2008-2016 and related). The underlying cause is improper handling within the Windows NetBIOS/network stack, al...

6.5CVSS6.9AI score0.0258EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.192 views

CVE-2017-0272

CVE-2017-0272 affects the Microsoft Windows SMBv1 server on Windows clients/servers (Windows 7/8.1, Windows Server 2008 SP2/R2 SP1, 2012, 2016, 10 versions etc.). Root cause: the SMBv1 server mishandles certain requests, enabling remote code execution by a remote attacker. Impact is high (remote ...

9.3CVSS7.7AI score0.17121EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.191 views

CVE-2010-0270

The CVE-2010-0270 entry describes a remote code execution/memory corruption vulnerability in the SMB client of Windows 7 and Windows Server 2008 R2. The SMB client fails to properly validate fields in SMB responses (SMB transaction responses), for both SMBv1 and SMBv2, allowing remote SMB servers...

10CVSS7.7AI score0.48188EPSS
CVE
CVE
added 2022/04/15 7:3 p.m.189 views

CVE-2022-24474

Technical details about CVE-2022-24474 are not publicly available in the provided documents; no affected products, versions, or fixes are specified here. Monitor for updates.

7.8CVSS8.6AI score0.06701EPSS
CVE
CVE
added 2022/04/15 7:3 p.m.189 views

CVE-2022-24499

Technical details about CVE-2022-24499 are not provided in the connected documents; public specifics (affected products, root cause, exploit info, or remediation) are not available here. Monitor for updates.

7.8CVSS8.6AI score0.00963EPSS
CVE
CVE
added 2008/09/16 11:0 p.m.188 views

CVE-2008-4114

The CVE-2008-4114 issue affects the Windows SMB SRV.SYS driver (WriteAndX handling) across multiple Windows platforms (Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista Gold/SP1, Server 2008). The vulnerability arises from insufficient validation of the SMB WRITE_ANDX DataOffset, which can...

7.1CVSS7.4AI score0.49275EPSS
CVE
CVE
added 2016/02/10 11:0 a.m.187 views

CVE-2016-0051

CVE-2016-0051 is a local privilege-escalation vulnerability in the Windows WebDAV client. The issue stems from the WebDAV client’s handling of crafted input, allowing a local attacker to gain SYSTEM-level privileges on affected Vista/7/8.1/2012/RT/10 variants with the WebDAV component (WebDAV cli...

7.8CVSS7.5AI score0.23383EPSS
CVE
CVE
added 2013/01/09 6:0 p.m.185 views

CVE-2013-0007

CVE-2013-0007 impacts Microsoft XML Core Services (MSXML) versions 4.0–6.0. A parsing fault in MSXML can allow remote code execution when a user visits a crafted web page (MSXML XSLT vulnerability). Affected components include MSXML DLLs; root cause is improper XML content parsing. Mitigation is ...

9.3CVSS7.5AI score0.31574EPSS
CVE
CVE
added 2012/03/13 9:0 p.m.183 views

CVE-2012-0006

CVE-2012-0006 affects Microsoft Windows DNS Server (Server 2003 SP2, 2008 SP2, R2, R2 SP1). The vulnerability arises from improper handling of in-memory objects during resource-record lookups, which can be triggered by a crafted DNS query, enabling a remote attacker to cause a denial-of-service c...

5CVSS6.3AI score0.31083EPSS
CVE
CVE
added 2012/08/15 1:0 a.m.182 views

CVE-2012-1851

CVE-2012-1851 is a format string vulnerability in the Windows Print Spooler service that allows remote code execution. Affected: Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows 7 SP1. Root cause: Print Spooler mishandles crafted response...

10CVSS7.5AI score0.65637EPSS
CVE
CVE
added 2010/09/15 6:0 p.m.180 views

CVE-2010-2729

CVE-2010-2729 is a remote code execution vulnerability in the Windows Print Spooler service. It stems from insufficient validation of spooler access permissions, allowing a remote attacker to create files in a system directory and execute arbitrary code by sending a crafted print request over RPC...

9.3CVSS9.2AI score0.75636EPSS
Web
CVE
CVE
added 2012/05/09 12:0 a.m.177 views

CVE-2012-0159

CVE-2012-0159 is a kernel-level remote code execution vulnerability in Microsoft Windows related to TrueType font parsing. The root cause is a sign extension error in the kernel’s handling of TrueType compound glyphs within win32k.sys, which can be triggered by a crafted TTF file. Affected produc...

9.3CVSS7.4AI score0.26816EPSS
CVE
CVE
added 2012/12/12 12:0 a.m.174 views

CVE-2012-4786

CVE-2012-4786 affects Windows kernel-mode drivers handling TrueType/OpenType font parsing. The advisory set shows remote code execution via crafted TTF/OTF files affecting Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, Server 2012, and RT. Root cause...

10CVSS7.4AI score0.24213EPSS
Total number of security vulnerabilities686