Windows Server 2008@* Security Vulnerabilities and Issues — Page 35 of Windows Server 2008@* CVE List

Lucene search

MicrosoftWindows Server 2008*

2508 matches found

CVE•added 2024/12/12 2:4 a.m.•85 views

CVE-2024-49125

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

8.8CVSS8.9AI score0.00783EPSS

CVE•added 2025/04/08 6:15 p.m.•85 views

CVE-2025-21221

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

8.8CVSS8AI score0.00083EPSS

CVE•added 2025/03/11 5:16 p.m.•85 views

CVE-2025-21247

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.

4.3CVSS4.7AI score0.00167EPSS

CVE•added 2025/01/14 6:15 p.m.•85 views

CVE-2025-21319

Windows Kernel Memory Information Disclosure Vulnerability

5.5CVSS5.3AI score0.00092EPSS

CVE•added 2025/03/11 5:16 p.m.•85 views

CVE-2025-24992

Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.

5.5CVSS6.5AI score0.00104EPSS

CVE•added 2025/04/08 6:15 p.m.•85 views

CVE-2025-26672

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.8AI score0.00074EPSS

CVE•added 2025/04/08 6:15 p.m.•85 views

CVE-2025-27471

Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network.

5.9CVSS6.9AI score0.00056EPSS

CVE•added 2025/04/08 6:15 p.m.•85 views

CVE-2025-27473

Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.

7.5CVSS7AI score0.12218EPSS

CVE•added 2025/04/08 6:16 p.m.•85 views

CVE-2025-27732

Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

7CVSS7.1AI score0.00036EPSS

CVE•added 2025/06/10 5:21 p.m.•85 views

CVE-2025-32710

Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

8.1CVSS8.5AI score0.0013EPSS

CVE•added 2008/07/08 11:41 p.m.•84 views

CVE-2008-1454

Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poison...

9.4CVSS6.2AI score0.88803EPSS

CVE•added 2010/04/14 4:0 p.m.•84 views

CVE-2010-0269

The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers ...

10CVSS7.5AI score0.61275EPSS

CVE•added 2017/08/08 9:29 p.m.•84 views

CVE-2017-0250

Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka "Microsoft JET Databa...

9.3CVSS8.4AI score0.30172EPSS

CVE•added 2020/02/11 10:15 p.m.•84 views

CVE-2020-0675

An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addre...

5.5CVSS5.2AI score0.00996EPSS

CVE•added 2020/03/12 4:15 p.m.•84 views

CVE-2020-0773

An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This ...

7.8CVSS8.2AI score0.00656EPSS

CVE•added 2020/03/12 4:15 p.m.•84 views

CVE-2020-0778

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845.

7.8CVSS8.1AI score0.00549EPSS

CVE•added 2020/03/12 4:15 p.m.•84 views

CVE-2020-0845

7.8CVSS8.1AI score0.00549EPSS

CVE•added 2020/07/14 11:15 p.m.•84 views

CVE-2020-1359

An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1384.

7.8CVSS8.5AI score0.00513EPSS

CVE•added 2021/12/15 3:15 p.m.•84 views

CVE-2021-43229

Windows NTFS Elevation of Privilege Vulnerability

7.8CVSS8.6AI score0.11247EPSS

CVE•added 2022/10/11 7:15 p.m.•84 views

CVE-2022-33645

Windows TCP/IP Driver Denial of Service Vulnerability

7.5CVSS7.9AI score0.04678EPSS

CVE•added 2022/09/13 7:15 p.m.•84 views

CVE-2022-37964

Windows Kernel Elevation of Privilege Vulnerability

7.8CVSS8.1AI score0.00286EPSS

CVE•added 2023/02/14 8:15 p.m.•84 views

CVE-2023-21702

Windows iSCSI Service Denial of Service Vulnerability

7.5CVSS7.5AI score0.03441EPSS

CVE•added 2023/07/11 6:15 p.m.•84 views

CVE-2023-32043

Windows Remote Desktop Security Feature Bypass Vulnerability

6.8CVSS8AI score0.00065EPSS

CVE•added 2023/07/11 6:15 p.m.•84 views

CVE-2023-35314

Remote Procedure Call Runtime Denial of Service Vulnerability

6.5CVSS7.8AI score0.03672EPSS

CVE•added 2023/07/11 6:15 p.m.•84 views

CVE-2023-35341

Microsoft DirectMusic Information Disclosure Vulnerability

6.2CVSS6.9AI score0.00243EPSS

CVE•added 2024/07/09 5:15 p.m.•84 views

CVE-2024-38048

Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability

6.5CVSS7.8AI score0.00418EPSS

CVE•added 2024/09/10 5:15 p.m.•84 views

CVE-2024-38236

DHCP Server Service Denial of Service Vulnerability

7.5CVSS8.4AI score0.21089EPSS

CVE•added 2024/09/10 5:15 p.m.•84 views

CVE-2024-38258

Windows Remote Desktop Licensing Service Information Disclosure Vulnerability

7.5CVSS7.6AI score0.01264EPSS

CVE•added 2025/01/14 6:15 p.m.•84 views

CVE-2025-21233

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.00461EPSS

CVE•added 2025/01/14 6:15 p.m.•84 views

CVE-2025-21338

GDI+ Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00266EPSS

CVE•added 2025/02/11 6:15 p.m.•84 views

CVE-2025-21371

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.00675EPSS

CVE•added 2009/10/14 10:30 a.m.•83 views

CVE-2009-0091

Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Fr...

9.3CVSS7.2AI score0.3731EPSS

CVE•added 2009/10/14 10:30 a.m.•83 views

CVE-2009-2503

GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Of...

9.3CVSS9.6AI score0.41156EPSS

CVE•added 2010/04/14 4:0 p.m.•83 views

CVE-2010-0477

The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the respo...

10CVSS7.3AI score0.81687EPSS

CVE•added 2016/11/10 6:59 a.m.•83 views

CVE-2016-7218

Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a cr...

4.7CVSS5AI score0.01428EPSS

CVE•added 2016/12/20 6:59 a.m.•83 views

CVE-2016-7219

The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, a...

5.5CVSS5.4AI score0.01469EPSS

CVE•added 2017/03/17 12:59 a.m.•83 views

CVE-2017-0083

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2...

9.3CVSS7.4AI score0.67088EPSS

CVE•added 2017/03/17 12:59 a.m.•83 views

CVE-2017-0113

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-...

4.3CVSS4.5AI score0.13744EPSS

CVE•added 2017/05/12 2:29 p.m.•83 views

CVE-2017-0246

The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Window...

7CVSS7.2AI score0.16582EPSS

CVE•added 2017/06/15 1:29 a.m.•83 views

CVE-2017-0300

The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Window...

5CVSS4.8AI score0.15731EPSS

CVE•added 2017/07/11 9:29 p.m.•83 views

CVE-2017-8587

Windows Explorer in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511 allows a denial of service vulnerability when it attempts to open a non-existent file, aka "Windows Explorer Denial of Service Vulnerability".

6.5CVSS6.2AI score0.16489EPSS

CVE•added 2017/09/13 1:29 a.m.•83 views

CVE-2017-8677

The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly discloses kernel ...

5.5CVSS5.3AI score0.26895EPSS

CVE•added 2020/02/11 10:15 p.m.•83 views

CVE-2020-0680

An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0679, CVE-2020-0682.

7.8CVSS8.1AI score0.00511EPSS

CVE•added 2020/03/12 4:15 p.m.•83 views

CVE-2020-0781

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0783.

7.8CVSS8.5AI score0.00538EPSS

CVE•added 2020/05/21 11:15 p.m.•83 views

CVE-2020-0909

A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets.To exploit the vulnerability, an attacker would send specially crafted network packets to the Hyper-V Server.The security update addresses the vulnerability by resolv...

7.5CVSS8.1AI score0.12525EPSS

CVE•added 2020/04/15 3:15 p.m.•83 views

CVE-2020-0993

A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'.

6.8CVSS6.9AI score0.12348EPSS

CVE•added 2020/04/15 3:15 p.m.•83 views

CVE-2020-1005

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0982, CVE-2020-0987.

5.5CVSS6.2AI score0.0176EPSS

CVE•added 2020/04/15 3:15 p.m.•83 views

CVE-2020-1014

An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'.

7.8CVSS8AI score0.0047EPSS

CVE•added 2020/05/21 11:15 p.m.•83 views

CVE-2020-1116

An information disclosure vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Information Disclosure Vulnerability'.

5.5CVSS6.5AI score0.00505EPSS

CVE•added 2020/07/14 11:15 p.m.•83 views

CVE-2020-1397

An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'.

6.5CVSS7.1AI score0.2819EPSS

Total number of security vulnerabilities2508