Lucene search
+L
MicrosoftWindows Server 2008*

686 matches found

CVE
CVE
added 2011/11/08 9:0 p.m.174 views

CVE-2011-2014

The CVE-2011-2014 entry concerns LDAPS in Active Directory, ADAM, and AD LDS where the LDAPS implementation does not check Certificate Revocation Lists (CRLs). Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2/R2 SP1, and Windows ...

9CVSS6.2AI score0.10965EPSS
CVE
CVE
added 2022/04/15 7:4 p.m.174 views

CVE-2022-26810

Technical details about CVE-2022-26810 are not provided in the supplied connected documents. No explicit affected products/versions, root cause, or fixes are described here. Monitor for updates from official sources.

7.8CVSS8.6AI score0.0057EPSS
CVE
CVE
added 2022/04/15 7:4 p.m.173 views

CVE-2022-26796

Technical details about CVE-2022-26796 are not provided in the connected documents; no product/version/root-cause/fix information is available here. Monitor for updates.

7.8CVSS8.6AI score0.0078EPSS
CVE
CVE
added 2012/01/10 9:0 p.m.169 views

CVE-2012-0013

CVE-2012-0013 is a remote-code-execution vulnerability in the Windows PackagerClickOnce handling: ClickOnce file types are not included in the Windows Packager unsafe file type list, allowing an attacker to execute arbitrary code via a crafted Office document. Affected OSes include Windows XP SP2...

9.3CVSS7.4AI score0.73753EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.168 views

CVE-2010-0476

CVE-2010-0476 is a remote code-execution vulnerability in the Microsoft SMB client. The issue occurs when the SMB client implementation on Windows platforms (including Windows Server 2003 SP2, Windows Vista SP1/SP2, and Windows Server 2008 SP2) improperly parses or handles certain crafted SMB res...

10CVSS7.7AI score0.3433EPSS
CVE
CVE
added 2013/06/12 1:0 a.m.168 views

CVE-2013-3138

CVE-2013-3138 is a denial-of-service vulnerability arising from an integer overflow in the TCP/IP kernel-mode driver. The affected software set includes Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows Server 2012; Windows RT. An attacker can cause a system...

7.1CVSS6.7AI score0.5937EPSS
CVE
CVE
added 2012/11/14 12:0 a.m.167 views

CVE-2012-1527

CVE-2012-1527 corresponds to Windows Shell Briefcase Integer Underflow. The vulnerability arises from an integer underflow in the Briefcase feature of Windows Shell, enabling local privilege escalation for affected Windows editions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Wind...

9.3CVSS6.4AI score0.18163EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.167 views

CVE-2018-0742

Technical details (affected product/versions/root cause/fix) are not publicly available in the provided documents. Monitor for updates from trusted sources.

7.8CVSS5.5AI score0.01266EPSS
CVE
CVE
added 2012/01/10 9:0 p.m.166 views

CVE-2012-0004

CVE-2012-0004 affects Microsoft Windows via the DirectShow/DirectX stack (Quartz.dll, Qdvd.dll, Line21 DirectShow filter) and related components. The vulnerability allows remote attackers to execute arbitrary code by delivering a crafted media file, due to improper handling within DirectShow filt...

9.3CVSS8AI score0.22547EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.166 views

CVE-2013-3868

CVE-2013-3868 affects Microsoft Active Directory Lightweight Directory Service (AD LDS) and Active Directory Services across Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, and Server 2012. The vulnerability allows remote attackers to trigger a denial of service (LDAP...

5CVSS6.5AI score0.38293EPSS
CVE
CVE
added 2013/01/09 6:0 p.m.165 views

CVE-2013-0013

The CVE-2013-0013 issue affects the Windows SSL/TLS stack: multiple Windows versions (Vista SP2, Server 2008 SP2/R2 and SP1, Windows 7, 8, Server 2012, Windows RT) have a flaw in the SSL provider that mishandles encrypted packets, enabling a man-in-the-middle to downgrade SSLv2 and intercept hand...

5.8CVSS6.3AI score0.06351EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.163 views

CVE-2017-0170

CVE-2017-0170 is an information-disclosure flaw in Windows Performance Monitor Console where XML input is parsed unsafely, allowing an XML external entity (XXE) to read arbitrary files. Affected are Windows versions listed in the CVE description (Windows 7/8.1/10, Windows Server variants, and Win...

6.5CVSS6.1AI score0.06666EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.162 views

CVE-2009-2500

This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...

9.3CVSS7.9AI score0.23647EPSS
CVE
CVE
added 2022/04/15 7:3 p.m.161 views

CVE-2022-24494

CVE-2022-24494 refers to a Windows vulnerability in the Windows Ancillary Function Driver for WinSock that allows Elevation of Privilege. The issue is a Local attack requiring Low privileges with no user interaction, and is described as affecting Confidentiality, Integrity, and Availability (per ...

7.8CVSS8.6AI score0.01843EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.160 views

CVE-2009-2526

The CVE-2009-2526 family affects Windows Vista (Gold, SP1, SP2) and Windows Server 2008 (Gold/SP2) SMBv2 by failing to validate fields in SMBv2 packets, causing a denial of service (infinite loop) via crafted packets to the Server service. Related CVEs (CVE-2009-2532 and CVE-2009-3103) cover SMBv...

7.8CVSS6.3AI score0.81891EPSS
CVE
CVE
added 2009/04/15 3:49 a.m.159 views

CVE-2009-0086

CVE-2009-0086 describes an integer underflow in Windows HTTP Services (WinHTTP) that allows remote code execution when a remote server sends crafted values in a response. The vulnerability affects multiple Windows versions, including Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista (Gold/...

10CVSS7.5AI score0.1415EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.158 views

CVE-2009-2528

CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...

9.3CVSS7.2AI score0.20452EPSS
CVE
CVE
added 2011/10/12 1:0 a.m.158 views

CVE-2011-2003

CVE-2011-2003 : A buffer overflow in win32k.sys used by kernel-mode drivers across multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 RTM/SP1) can be triggered by a crafted .fon file. The vulnerability arises from an input validation error when the ke...

9.3CVSS7.6AI score0.27772EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.157 views

CVE-2017-0277

CVE-2017-0277 describes a remote code execution vulnerability in the Microsoft Windows SMBv1 server. The SMBv1 service on affected Windows versions (Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold/R2, Windows RT 8.1, Windows 10 1511/1607/1703, Windows Server 2...

7CVSS7.7AI score0.1085EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.156 views

CVE-2013-0077

The CVE-2013-0077 issue concerns Quartz.dll in DirectShow on Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2). A remote attacker can trigger arbitrary code execution by processing crafted media content (media file, media stream, or an Office document). The vulnerability...

9.3CVSS7.5AI score0.24242EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.155 views

CVE-2016-7212

CVE-2016-7212 affects multiple Windows versions (Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8.1, 2012 Gold/R2, RT 8.1, 10 up to 1607, and Server 2016) where a crafted image file can lead to remote code execution. Root cause: improper handling in the Windows image load feature. Impact is remote cod...

9.3CVSS8AI score0.69829EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.154 views

CVE-2009-3126

CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...

9.3CVSS9.7AI score0.23461EPSS
CVE
CVE
added 2010/02/10 6:0 p.m.154 views

CVE-2010-0231

CVE-2010-0231 involves the SMB server’s NTLM authentication on Windows 2000/XP/2003/Vista/Server 2008/7 where insufficient entropy in server-generated challenges (duplicate NTLM nonces) allows remote attackers to access files and SMB resources after many authentication requests. Root cause: weak ...

10CVSS9AI score0.41262EPSS
CVE
CVE
added 2011/12/30 1:0 a.m.154 views

CVE-2011-3414

CVE-2011-3414 concerns a denial-of-service in the Microsoft .NET Framework ASP.NET HashTable mapping. The vulnerability arises from the CaseInsensitiveHashProvider.getHashCode function used by the HashTable implementation across .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, which can ...

7.8CVSS6.4AI score0.58895EPSS
CVE
CVE
added 2012/07/10 9:0 p.m.152 views

CVE-2012-0175

CVE-2012-0175 corresponds to a Windows Shell remote code execution vulnerability caused by how Windows handles specially crafted file or directory names. The issue affects multiple Windows editions, including Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/...

9.3CVSS7.8AI score0.2621EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.152 views

CVE-2017-0158

CVE-2017-0158 is a Windows scripting engine memory corruption vulnerability. The issue arises from improper handling/sanitization of in-memory handles in the Scripting Engine, enabling remote code execution when a user visits a malicious site or opens a crafted document. Affected platforms includ...

7.6CVSS7.5AI score0.12558EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.152 views

CVE-2017-11780

CVE-2017-11780 is a remote code execution vulnerability in the Microsoft Windows Server Message Block 1.0 (SMBv1) server. The issue occurs when SMBv1 fails to handle certain requests, allowing an unauthenticated attacker to execute code on the target server over the network. Affected products inc...

7CVSS8.4AI score0.09961EPSS
CVE
CVE
added 2013/08/14 10:0 a.m.150 views

CVE-2013-3183

Microsoft Windows ICMPv6 Packet Denial of Service (CVE-2013-3183) affects multiple Windows platforms (Vista SP2, 2008 SP2/R2 SP1, 7 SP1, 8, 2012, RT) where the TCP/IP stack improperly allocates memory for inbound ICMPv6 packets, causing remote denial of service (system hang) via crafted packets. ...

7.8CVSS6.5AI score0.80473EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.150 views

CVE-2017-0161

CVE-2017-0161 is a Windows NetBT Session Services vulnerability described as a race condition when NetBT fails to maintain certain sequencing requirements, enabling a remote code execution in affected Windows releases. The CVE is present in Windows 7/8.1/10 and server SKUs listed in the initial d...

8.1CVSS7.7AI score0.11229EPSS
CVE
CVE
added 2015/03/11 10:0 a.m.149 views

CVE-2015-0005

CVE-2015-0005 (NETLOGON Spoofing Vulnerability) affects Windows as a domain controller feature: the NETLOGON service on Windows Server 2003 SP2, 2008 SP2 and R2 SP1, and Windows Server 2012 Gold/R2, when configured as a Domain Controller, can be abused by remote attackers to spoof the computer na...

4.3CVSS6.3AI score0.18171EPSS
CVE
CVE
added 2009/09/08 10:0 p.m.148 views

CVE-2009-1926

CVE-2009-1926 describes a TCP/IP processing vulnerability in Microsoft Windows that can cause a denial of service by flooding a host with specially crafted TCP packets featuring a small or zero receive window. The issue occurs when connections remain in FIN-WAIT-1 or FIN-WAIT-2 and the sender doe...

7.8CVSS6.4AI score0.35042EPSS
Web
CVE
CVE
added 2010/02/10 6:0 p.m.148 views

CVE-2010-0020

CVE-2010-0020 concerns a flaw in the SMB server implementation of Windows: the Server service fails to validate request fields, enabling a remote authenticated user to execute arbitrary code via a malformed SMB request. Affected platforms include Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vis...

9CVSS7.1AI score0.32032EPSS
CVE
CVE
added 2012/12/12 12:0 a.m.148 views

CVE-2012-4774

CVE-2012-4774 is a Windows File Handling Component vulnerability. A crafted file or subfolder name can trigger use of unallocated memory as the destination of a copy operation, enabling remote code execution on affected Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windo...

9.3CVSS7.5AI score0.20766EPSS
CVE
CVE
added 2009/01/14 10:0 p.m.147 views

CVE-2008-4834

CVE-2008-4834 corresponds to a buffer overflow in the Server service of Microsoft Windows SMB handling. Affected products include Windows 2000 SP4, XP SP2/SP3, and Windows Server 2003 SP1/SP2. The root cause is improper validation of SMB NT Trans request data, allowing remote attackers to craft m...

10CVSS8.4AI score0.45756EPSS
CVE
CVE
added 2009/08/12 5:0 p.m.147 views

CVE-2009-1930

The CVE-2009-1930 entry describes a Telnet Credential Reflection vulnerability in Windows Telnet service. A remote attacker could trigger arbitrary code execution by replaying NTLM credentials from a client to the Telnet server. Affected products include Windows 2000 (SP4), XP (SP2/SP3), Server 2...

10CVSS7.5AI score0.41388EPSS
CVE
CVE
added 2017/02/20 4:0 p.m.145 views

CVE-2017-0038

The connected material describes a Windows IO Manager bug class (two-step: kernel-mode Initiator sets INPC and IFAC without OFAC; Receiver uses RequestorMode) that can bypass security checks and enable privilege escalation. It clarifies that INPC disables MemAC and SecAC, while OFAC can re-enable...

5.5CVSS4.7AI score0.821EPSS
CVE
CVE
added 2012/02/14 10:0 p.m.144 views

CVE-2012-0150

CVE-2012-0150 describes a buffer overflow in the C runtime library (msvcrt.dll) used by multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7/7 SP1). The vulnerability arises when parsing a crafted media file, copying a version string into a fixed-length stack buffer, allowing remot...

9.3CVSS7.8AI score0.24272EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.144 views

CVE-2017-8565

CVE-2017-8565 is a Windows PowerShell remote code execution vulnerability triggered when PSObject wraps a CIM Instance. Connected sources describe in detail that deserialization via PSObject, LosFormatter, ObjectStateFormatter (and related gadget chains) can enable remote code execution in PowerS...

9.3CVSS7.3AI score0.17522EPSS
CVE
CVE
added 2009/01/14 10:0 p.m.142 views

CVE-2008-4835

CVE-2008-4835 affects Microsoft Windows SMB Server service across Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista SP1/Gold, and Server 2008. The root cause is insufficient validation of buffer size for malformed values inside NT Trans2 SMB requests, enabling remote code execution. The vu...

10CVSS8.2AI score0.44925EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.141 views

CVE-2010-2550

CVE-2010-2550 affects the SMB Server in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, Windows 7). The root cause is improper validation of fields in an SMB request, allowing remote code execution via a crafted SMB packet (aka “SMB Pool Overflow Vulnera...

10CVSS9.3AI score0.7572EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.141 views

CVE-2016-0026

Technical details about CVE-2016-0026 are not publicly provided in the supplied documents; no specific affected products or fixes are described. Monitor for updates.

9.3CVSS7.5AI score0.06767EPSS
CVE
CVE
added 2010/12/16 7:0 p.m.140 views

CVE-2010-3956

CVE-2010-3956 concerns the OpenType Font (OTF) driver in multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7). The vulnerability arises from an error in indexing an array when parsing OpenType fonts, enabling a local privilege escalation....

9.3CVSS6.3AI score0.08274EPSS
CVE
CVE
added 2011/12/30 7:0 p.m.140 views

CVE-2011-5046

CVE-2011-5046 affects the Windows kernel component win32k.sys (GDI) across multiple OS versions (XP SP2/3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 Gold/SP1). The issue arises from improper validation of user-mode input in GDI, enabling remote attackers to execute arbitrary code ...

9.3CVSS7.7AI score0.45457EPSS
CVE
CVE
added 2018/05/09 7:0 p.m.140 views

CVE-2018-8167

CVE-2018-8167 is a Windows CLFS driver elevation of privilege vulnerability. The issue arises when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. Affected products/versions include Windows 7, Windows Server 2008/2008 R2/2012/2012 R2, Windows 8.1, Windows 10...

7CVSS7.3AI score0.01074EPSS
CVE
CVE
added 2022/04/15 7:3 p.m.140 views

CVE-2022-24485

Technical details about CVE-2022-24485 are not provided in the connected documents. No affected product/version information or exploit specifics are available here. Monitor for official updates and vendor advisories.

7.5CVSS8.7AI score0.01604EPSS
CVE
CVE
added 2013/01/09 6:0 p.m.139 views

CVE-2013-0006

CVE-2013-0006 is associated with OSIsoft PI Interface for OPC XML-DA (ICS advisory ICSA-20-315-01) and Microsoft MSXML/MS13-002 context. Connected documents identify the affected product as PI Interface for OPC XML-DA versions prior to 1.7.3.x, where the vulnerability stems from numeric errors/st...

9.3CVSS7.5AI score0.28084EPSS
CVE
CVE
added 2022/04/15 7:4 p.m.139 views

CVE-2022-26802

CVE-2022-26802 refers to a Windows Print Spooler elevation-of-privilege vulnerability. The provided documents identify the affected component as Windows Print Spooler and classify the exploit as a local, privilege-escalation issue (local attack vector; no user interaction required). CVSS data in ...

7.8CVSS8.6AI score0.0078EPSS
CVE
CVE
added 2012/11/14 12:0 a.m.138 views

CVE-2012-1528

CVE-2012-1528 is a Windows Shell vulnerability originating from an integer overflow in the Briefcase feature. The flaw affects multiple Windows client/server platforms (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008/R2 SP, Windows 7 SP1, Windows 8, Server 2012) and can let local users gain p...

9.3CVSS6.6AI score0.18163EPSS
CVE
CVE
added 2012/10/09 9:0 p.m.138 views

CVE-2012-2551

CVE-2012-2551 is a Kerberos denial-of-service vulnerability affecting Microsoft Windows 7 (including SP1) and Windows Server 2008 R2 (including R2 SP1). The issue is described as a remote denial of service via a crafted Kerberos session request that triggers a NULL pointer dereference, potentiall...

5CVSS6.4AI score0.27476EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.137 views

CVE-2017-0269

CVE-2017-0269 is a Windows SMBv1 denial-of-service vulnerability: the SMBv1 server may stop responding when it receives specially crafted requests. The issue is tied to handling of SMBv1 traffic (no explicit exploit details in the provided docs). Affected context is Windows SMBv1 processing; pote...

5.9CVSS6.2AI score0.06465EPSS
Total number of security vulnerabilities686