Lucene search
+L
MicrosoftWindows Server 2008*

686 matches found

CVE
CVE
added 2016/08/09 9:0 p.m.137 views

CVE-2016-3304

CVE-2016-3304 is the Windows Graphics Component remote code‑execution vulnerability where the Windows font library improperly handles crafted embedded fonts, affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Skype for Business 2016,...

9.3CVSS7.8AI score0.50506EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.137 views

CVE-2017-0269

CVE-2017-0269 is a Windows SMBv1 denial-of-service vulnerability: the SMBv1 server may stop responding when it receives specially crafted requests. The issue is tied to handling of SMBv1 traffic (no explicit exploit details in the provided docs). Affected context is Windows SMBv1 processing; pote...

5.9CVSS6.2AI score0.06465EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.137 views

CVE-2017-8676

CVE-2017-8676 is an information disclosure vulnerability in the Windows GDI+ component. The NVD entry describes that an authenticated attacker can retrieve information from the targeted system by presenting a specially crafted application, affecting a wide range of Windows versions (Windows clien...

3.3CVSS4.9AI score0.1404EPSS
CVE
CVE
added 2022/04/15 7:4 p.m.137 views

CVE-2022-26798

Technical details about CVE-2022-26798 are not publicly available in the provided connected documents. The initial description notes a Windows Print Spooler Elevation of Privilege vulnerability, but there are no specific vendor/product/version/root-cause/fix details in the supplied materials. Mon...

7.8CVSS8.6AI score0.00835EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.136 views

CVE-2018-0825

CVE-2018-0825 corresponds to a Microsoft StructuredQuery remote code execution vulnerability. According to the CNVD entry, it exists in Microsoft Windows’ StructuredQuery component and stems from improper handling of objects in memory, enabling a remote attacker to execute arbitrary code when a s...

7.6CVSS7.3AI score0.16778EPSS
CVE
CVE
added 2025/04/08 5:24 p.m.136 views

CVE-2025-29810

CVE-2025-29810 corresponds to an improper access control in Active Directory Domain Services that can allow an authenticated attacker to elevate privileges over the network. The NCSC advisory groups CVE-2025-29810 under Windows Active Directory Domain Services with an impact described as ‘Obtain ...

7.5CVSS7.1AI score0.02415EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.134 views

CVE-2009-0090

CVE-2009-0090 corresponds to a high-severity remote code execution vulnerability in Microsoft .NET Framework. The issue arises because .NET Framework versions 1.0 SP3, 1.1 SP1 and 2.0 SP1 do not properly validate verifiable code, enabling a remote attacker to execute arbitrary code and read stack...

9.3CVSS9.4AI score0.20982EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.134 views

CVE-2017-0181

CVE-2017-0181 affects the Windows Hyper-V Network Switch on Windows 10/Windows Server 2016 hosts. The vulnerability is a remote code execution caused by improper validation of input from the guest OS, requiring an authenticated user on the guest. Connected sources confirm Hyper-V input validation...

7.6CVSS7.8AI score0.03147EPSS
CVE
CVE
added 2022/04/15 7:4 p.m.134 views

CVE-2022-26790

Technical details for CVE-2022-26790 are not publicly provided in the supplied documents. Monitor for updates.

7.8CVSS8.6AI score0.00693EPSS
CVE
CVE
added 2016/06/16 1:0 a.m.133 views

CVE-2016-3223

CVE-2016-3223 relates to a Group Policy Elevation of Privilege vulnerability in Windows where LDAP authentication is mishandled, enabling a MiTM attacker to modify domain controller–to–client Group Policy update data and potentially escalate privileges. The issue affects multiple Windows editions...

9.3CVSS7.9AI score0.21091EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.133 views

CVE-2016-3301

CVE-2016-3301 affects the Windows Graphics Component in the Windows font library, enabling remote code execution via a crafted embedded font. Affected products include Windows Vista SP2; Windows Server 2008 SP2/R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; W...

9.3CVSS7.8AI score0.44492EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.133 views

CVE-2016-7237

CVE-2016-7237 affects Local Security Authority Subsystem Service (LSASS) in Windows between Vista SP2 and Windows Server 2016. The vulnerability allows remote authenticated users to cause a denial of service (system hang) by sending a crafted request, via the LSASS handling path (notably connecte...

6.8CVSS6.2AI score0.65059EPSS
CVE
CVE
added 2018/05/09 7:0 p.m.133 views

CVE-2018-8136

CVE-2018-8136 is described as a remote code execution vulnerability in how Windows handles objects in memory, affecting Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008/2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10 and Windows 10 servers. The con...

9.3CVSS8.4AI score0.23243EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.132 views

CVE-2009-2532

CVE-2009-2532 refers to a remote-code-execution vulnerability in the SMBv2 implementation of Windows SMB Server. The issue arises from how SMBv2 handles the command value in SMB Multi-Protocol Negotiate packets, allowing an unauthenticated attacker to execute arbitrary code on affected systems. A...

10CVSS7.5AI score0.62171EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.132 views

CVE-2017-0114

CVE-2017-0114 is a Windows Uniscribe (usp10.dll) information-disclosure vulnerability affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows 7 SP1. The issue arises in Uniscribe when processing Unicode text via DrawText paths triggered by user32/lpk, allowing a remote attacker t...

4.3CVSS4.5AI score0.22471EPSS
CVE
CVE
added 2016/02/10 11:0 a.m.131 views

CVE-2016-0042

CVE-2016-0042 corresponds to a Windows DLL loading Remote Code Execution vulnerability. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012, Windows RT 8.1, and Windows 10 (including 1511). The flaw arises from mishandling D...

7.8CVSS7.8AI score0.05651EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.131 views

CVE-2017-0062

CVE-2017-0062 affects the Graphics Device Interface (GDI) in multiple Windows versions (Vista SP2 through Windows 10/1607). It enables local attackers to disclose sensitive process-memory information via a crafted web site; impact is information disclosure. Connected CIRCL entries indicate the vu...

4.7CVSS4.3AI score0.17832EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.131 views

CVE-2017-11771

CVE-2017-11771 is a remote code execution vulnerability in the Microsoft Windows Search component. The issue arises from improper handling of DNS responses by the Windows Search service, allowing an unauthenticated, remote attacker to execute code on affected systems. The CVE is referenced alongs...

10CVSS9.6AI score0.64132EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.131 views

CVE-2018-0846

The connected documents confirm CVE-2018-0846 affects the Windows Common Log File System (CLFS) driver and describes an elevation-of-privilege flaw caused by improper handling of objects in memory. Affected products include various Windows client/server builds (Windows 7 SP1, Windows 8.1/RT 8.1, ...

7.8CVSS6.8AI score0.01239EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.130 views

CVE-2009-2501

CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...

9.3CVSS9.7AI score0.26824EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.130 views

CVE-2017-8528

CVE-2017-8528 concerns a remote code execution vulnerability in Microsoft Windows Uniscribe (usp10.dll) where объектs in memory are mishandled. Affected platforms span Windows 7/8.1/10 and several Server SKUs with Office 2007/2010. Exploitation is possible via crafted documents or web content, pe...

9.3CVSS5.9AI score0.19889EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.129 views

CVE-2017-0279

CVE-2017-0279 corresponds to a remote code execution vulnerability in the Microsoft Windows SMB v1 server. The available connected and initial documents indicate: affected component is the SMBv1 server (Server Message Block 1.0) on multiple Windows platforms (e.g., Windows 7, Windows 8.1, Windows...

7CVSS7.7AI score0.1085EPSS
CVE
CVE
added 2011/06/16 8:21 p.m.128 views

CVE-2011-1249

CVE-2011-1249 concerns the Ancillary Function Driver (afd.sys) in Windows, where local input validation flaws allow privilege escalation. Affected OSes include Windows XP SP2/SP3, Server 2003 SP2, Windows Vista SP1/SP2, Server 2008 (Gold/SP2/R2), and Windows 7 (Gold/SP1). The vulnerability stems ...

7.2CVSS6.3AI score0.08488EPSS
Web
CVE
CVE
added 2018/02/15 2:0 a.m.128 views

CVE-2018-0820

CVE-2018-0820 affects the Windows kernel on Windows 7 SP1, Windows 8.1/RT 8.1, Windows Server 2008 SP2/R2 SP1, 2012/2012 R2, Windows 10 (various builds) and Windows Server (various). The vulnerability arises from how objects are handled in memory, enabling local privilege escalation from a low-pr...

7.8CVSS5.4AI score0.01266EPSS
CVE
CVE
added 2009/09/08 10:0 p.m.127 views

CVE-2009-1925

CVE-2009-1925 is the TCP/IP Timestamps Code Execution vulnerability in Windows. A remote attacker can execute arbitrary code by sending specially crafted TCP/IP packets to a listening service; the flaw arises from the TCP/IP stack not cleaning up state information, causing a field to be misinterp...

10CVSS7.9AI score0.27402EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.127 views

CVE-2017-0087

CVE-2017-0087 is a remote code execution vulnerability in Windows Uniscribe (USP10) affecting Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1. Connected data show exploits targeting USP10!MergeLigRecords, with heap memory corruption in Uniscribe’s font processing triggere...

9.3CVSS7.4AI score0.42546EPSS
CVE
CVE
added 2009/08/12 5:0 p.m.126 views

CVE-2009-1133

CVE-2009-1133 corresponds to a heap-based buffer overflow in Microsoft Remote Desktop Connection (mstsc/ mstscax.dll) affecting RDP clients (RDP 5.0–6.1 on Windows and Mac 2.0). The underlying flaw occurs during parsing of data from the RDP server, allowing a remote attacker to execute arbitrary ...

9.3CVSS8.2AI score0.30496EPSS
CVE
CVE
added 2010/02/10 6:0 p.m.126 views

CVE-2010-0022

CVE-2010-0022 is part of the SMB server NTLM vulnerabilities addressed by Microsoft MS10-012. The XP/2000/2003/Vista/2008/7 SMB server implementation fails to properly validate shared/servername fields in SMB packets, allowing remote attackers to cause a denial of service (system hang) via a craf...

7.8CVSS6.3AI score0.79499EPSS
CVE
CVE
added 2016/05/11 1:0 a.m.126 views

CVE-2016-0174

CVE-2016-0174 describes a local privilege escalation in Windows kernel-mode drivers (Win32k) affecting multiple Windows family versions (Vista SP2, Server 2008 SP2/R2, 7 SP1, 8.1, Server 2012, RT 8.1, and Windows 10 1511/Gold). The vulnerability allows a locally authenticated attacker to gain hig...

7.8CVSS7.5AI score0.02485EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.126 views

CVE-2017-0099

CVE-2017-0099 pertains to Hyper-V in Microsoft Windows (lists affected: Windows Vista SP2, Server 2008 SP2/2008 R2, Windows 7 SP1, Windows 8.1, Server 2012 Gold/R2, Windows 10 Gold, 1511, 1607, Server 2016). The issue allows guest OS users, running as VMs, to cause a denial-of-service via a craft...

5.4CVSS5.2AI score0.01423EPSS
CVE
CVE
added 2022/04/15 7:4 p.m.126 views

CVE-2022-26794

Technical details for CVE-2022-26794 are not publicly provided in the supplied documents. No specifics on affected components, root cause, impact, or fixes are present here. Monitor for updates in connected sources.

7.8CVSS8.6AI score0.00693EPSS
CVE
CVE
added 2010/02/10 6:0 p.m.125 views

CVE-2010-0021

CVE-2010-0021 is part of the MS10-012 set of SMB server vulnerabilities affecting Windows Vista/Windows Server 2008/Windows 7 and related Server roles. The issue arises from race conditions in the SMB Server service during Negotiate handling (SMBv1/v2), allowing remote attackers to trigger a deni...

7.1CVSS6.4AI score0.14385EPSS
CVE
CVE
added 2012/01/17 7:0 p.m.125 views

CVE-2010-5082

CVE-2010-5082 affects the Windows Color Control Panel (colorcpl.exe) on Windows Server 2008 SP2, R2, and R2 SP1. The vulnerability stems from insecure library loading where sti.dll can be loaded from the current working directory, enabling privilege escalation when a malicious directory also cont...

9.3CVSS6.3AI score0.17939EPSS
CVE
CVE
added 2016/05/11 1:0 a.m.125 views

CVE-2016-0169

CVE-2016-0169 is a Windows Graphics Component Information Disclosure vulnerability in GDI across Windows Vista through Windows 10 (various editions). The issue arises from improper disclosure of memory contents via a crafted document, enabling remote information leakage. Public evidence includes ...

6.5CVSS5.9AI score0.43248EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.125 views

CVE-2017-8696

CVE-2017-8696 targets Microsoft Windows components (Windows Uniscribe/Graphics Component) across Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Office for Mac 2011/2016, Skype for Business, Lync, Live Meeting 2007 Add-in/Console. The vulnerability enables r...

7.6CVSS7AI score0.14264EPSS
CVE
CVE
added 2022/04/15 7:4 p.m.125 views

CVE-2022-26792

Technical details for CVE-2022-26792 are not publicly provided in the supplied documents. Monitor for updates from authoritative sources as more information becomes available.

7.8CVSS8.6AI score0.0078EPSS
CVE
CVE
added 2016/06/16 1:0 a.m.124 views

CVE-2016-3225

The CVE-2016-3225 issue affects the SMB server component in multiple Windows releases (e.g., Vista/Server 2008/7/8.1/2012/RT 8.1/10). The root cause is credential-forwarding by the Windows SMB server to an unintended service, enabling a local attacker to gain elevated privileges via a crafted app...

7.8CVSS7.6AI score0.43493EPSS
Web
CVE
CVE
added 2016/06/16 1:0 a.m.124 views

CVE-2016-3236

CVE-2016-3236 affects the WPAD proxy discovery implementation in multiple Windows editions (Vista through Windows 10). The weakness arises when WPAD proxy discovery is mishandled, which could allow a remote attacker to redirect network traffic via unspecified vectors, effectively an elevation of ...

10CVSS9.1AI score0.77658EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.124 views

CVE-2017-0077

CVE-2017-0077 is a Windows kernel vulnerability described as the Win32k Information Disclosure Vulnerability. It affects multiple Windows versions (Windows 7 SP1, Windows 8.1, Windows 10 releases up to 1703 and Windows Server 2016, among others) and is exploitable by a local, authenticated attack...

7.8CVSS7.4AI score0.01537EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.123 views

CVE-2017-0180

Technical details for CVE-2017-0180 are not publicly provided in the connected documents. Available sources reference Hyper-V Network Switch input validation issues but do not disclose affected versions, root cause specifics, or exploit information. Monitor for updates.

7.6CVSS7.9AI score0.03296EPSS
CVE
CVE
added 2012/06/12 10:0 p.m.122 views

CVE-2012-0173

Technical details for CVE-2012-0173 are not provided in the connected documents. The materials reference CVE-2012-0002 and MS12-020 but do not disclose specifics for CVE-2012-0173. Monitor for updates.

9.3CVSS9.4AI score0.20933EPSS
CVE
CVE
added 2016/12/20 5:54 a.m.122 views

CVE-2016-7272

CVE-2016-7272 affects the Windows Graphics component across multiple Windows versions (Vista SP2, Server 2008 SP2/R2, 7, 8.1, 2012/R2, RT 8.1, 10 Gold/1511/1607, Server 2016). The vulnerability enables remote code execution via a crafted web site, with network attack vector and no privileges requ...

9.3CVSS8.8AI score0.39261EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.122 views

CVE-2017-0275

CVE-2017-0275 is an SMBv1 information-disclosure vulnerability in Microsoft Windows SMB server handling of certain requests. The initial description lists affected products as Windows platforms including Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and ...

5.9CVSS6.1AI score0.07611EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.122 views

CVE-2018-1008

CVE-2018-1008 describes a local elevation-of-privilege vulnerability in Windows Adobe Type Manager Font Driver (ATMFD.dll). The flaw stems from improper handling of objects in memory, enabling an attacker to execute arbitrary code with kernel or SYSTEM privileges on vulnerable Windows editions (W...

7CVSS6.7AI score0.01152EPSS
CVE
CVE
added 2009/04/15 3:49 a.m.121 views

CVE-2009-0550

CVE-2009-0550 impacts Windows HTTP Services (WinHTTP) and WinINet used by Internet Explorer, on Windows 2000 SP4, XP SP2/SP3, Server 2003, Vista, and Server 2008; the vulnerability allows an attacker-controlled remote web server to capture NTLM credentials and replay them, and to execute arbitrar...

9.3CVSS6.9AI score0.11843EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.121 views

CVE-2009-2502

CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...

9.3CVSS9.7AI score0.22025EPSS
CVE
CVE
added 2011/08/10 9:16 p.m.121 views

CVE-2011-1966

The CVE-2011-1966 issue affects Microsoft Windows DNS Server on Windows Server 2008 SP2, R2, and R2 SP1, where the DNS server mishandles NAPTR queries that trigger recursive processing. The root cause is a memory corruption vulnerability exploitable via specially crafted NAPTR queries, which can ...

10CVSS7.5AI score0.55203EPSS
CVE
CVE
added 2013/07/10 1:0 a.m.121 views

CVE-2013-3174

CVE-2013-3174 corresponds to a remote code execution in Microsoft DirectShow via specially crafted GIF files. Affected: DirectShow in Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012. Root cause: faulty GIF image parsing leads to arbitr...

9.3CVSS7.4AI score0.31979EPSS
CVE
CVE
added 2014/07/08 10:0 p.m.121 views

CVE-2014-1767

CVE-2014-1767 is a local privilege-escalation vulnerability in the Windows Ancillary Function Driver (afd.sys) leveraged via a dangling/double-free condition in kernel-mode code (AFD). Public materials indicate Microsoft MS14-040 addressed this flaw, affecting multiple Windows versions from Windo...

7.2CVSS6.3AI score0.12694EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.121 views

CVE-2017-0166

CVE-2017-0166: An LDAP elevation of privilege vulnerability in Windows occurs when LDAP request buffer lengths are improperly calculated. This enables a remote attacker to send malicious traffic to a Domain Controller to achieve elevated privileges. The initial description and connected documents...

9.3CVSS7.9AI score0.06415EPSS
Total number of security vulnerabilities686