Windows Server 2008@* Security Vulnerabilities and Issues — Page 48 of Windows Server 2008@* CVE List

Lucene search

MicrosoftWindows Server 2008*

2508 matches found

CVE•added 2011/04/13 8:26 p.m.•49 views

CVE-2011-1225

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer deref...

7.2CVSS6.4AI score0.00827EPSS

CVE•added 2011/07/13 11:55 p.m.•49 views

CVE-2011-1283

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and w...

7.2CVSS6.5AI score0.00773EPSS

CVE•added 2012/11/14 12:55 a.m.•49 views

CVE-2012-2553

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerabilit...

7.2CVSS6.4AI score0.01488EPSS

CVE•added 2013/02/13 12:4 p.m.•49 views

CVE-2013-1264

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel ...

4.9CVSS6.3AI score0.00434EPSS

CVE•added 2013/09/11 2:3 p.m.•49 views

CVE-2013-1342

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multi...

7.8CVSS6.2AI score0.01084EPSS

CVE•added 2013/09/11 2:3 p.m.•49 views

CVE-2013-1343

7.2CVSS6.2AI score0.01084EPSS

CVE•added 2013/09/11 2:3 p.m.•49 views

CVE-2013-3866

7.2CVSS6.5AI score0.0059EPSS

CVE•added 2016/03/09 11:59 a.m.•49 views

CVE-2016-0092

OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulne...

9.3CVSS8AI score0.47205EPSS

CVE•added 2025/06/10 5:22 p.m.•49 views

CVE-2025-32724

Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

7.5CVSS7.4AI score0.11772EPSS

CVE•added 2025/06/10 5:22 p.m.•49 views

CVE-2025-33064

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

8.8CVSS9.1AI score0.00089EPSS

CVE•added 2009/08/12 5:30 p.m.•48 views

CVE-2009-1546

Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or...

8.5CVSS7.9AI score0.63266EPSS

CVE•added 2009/11/11 7:30 p.m.•48 views

CVE-2009-1928

Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) o...

7.8CVSS6.4AI score0.68083EPSS

CVE•added 2011/04/13 6:55 p.m.•48 views

CVE-2011-0660

The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Respon...

9.3CVSS7.5AI score0.4891EPSS

CVE•added 2011/04/13 8:26 p.m.•48 views

CVE-2011-1234

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application th...

7.2CVSS6.4AI score0.00639EPSS

CVE•added 2011/04/13 8:26 p.m.•48 views

CVE-2011-1239

7.2CVSS6.4AI score0.00623EPSS

CVE•added 2011/07/13 11:55 p.m.•48 views

CVE-2011-1883

7.2CVSS6.5AI score0.0061EPSS

CVE•added 2013/02/13 12:4 p.m.•48 views

CVE-2013-1250

4.9CVSS6.4AI score0.00434EPSS

CVE•added 2013/02/13 12:4 p.m.•48 views

CVE-2013-1251

4.9CVSS6.4AI score0.00434EPSS

CVE•added 2013/02/13 12:4 p.m.•48 views

CVE-2013-1256

4.9CVSS6.4AI score0.00434EPSS

CVE•added 2013/02/13 12:4 p.m.•48 views

CVE-2013-1257

4.9CVSS6.4AI score0.00589EPSS

CVE•added 2013/02/13 12:4 p.m.•48 views

CVE-2013-1262

4.9CVSS6.3AI score0.00434EPSS

CVE•added 2013/04/09 10:55 p.m.•48 views

CVE-2013-1291

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerabilit...

7.1CVSS6.1AI score0.17931EPSS

CVE•added 2013/12/11 12:55 a.m.•48 views

CVE-2013-3907

portcls.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Port-Class Driver Double Fetch Vulnerability."

7.2CVSS6.4AI score0.01105EPSS

CVE•added 2016/03/09 11:59 a.m.•48 views

CVE-2016-0091

7.8CVSS8AI score0.47205EPSS

CVE•added 2025/05/13 5:15 p.m.•48 views

CVE-2025-29960

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.3AI score0.00074EPSS

CVE•added 2025/05/13 5:15 p.m.•48 views

CVE-2025-29961

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.3AI score0.00074EPSS

CVE•added 2025/06/10 5:21 p.m.•48 views

CVE-2025-32713

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

7.8CVSS7.8AI score0.00057EPSS

CVE•added 2008/12/10 2:0 p.m.•47 views

CVE-2008-4269

The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."

8.5CVSS7AI score0.57772EPSS

CVE•added 2009/11/11 7:30 p.m.•47 views

CVE-2009-1127

win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers ...

7.2CVSS6.1AI score0.012EPSS

CVE•added 2009/12/09 6:30 p.m.•47 views

CVE-2009-2508

The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previou...

6.9CVSS6.1AI score0.00766EPSS

CVE•added 2011/02/09 1:0 a.m.•47 views

CVE-2011-0086

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka ...

7.2CVSS6.4AI score0.01164EPSS

CVE•added 2011/04/13 8:26 p.m.•47 views

CVE-2011-1235

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/04/13 8:26 p.m.•47 views

CVE-2011-1241

7.2CVSS6.4AI score0.0061EPSS

CVE•added 2012/03/13 9:55 p.m.•47 views

CVE-2012-0157

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application...

8.4CVSS6.3AI score0.01588EPSS

CVE•added 2012/06/12 10:55 p.m.•47 views

CVE-2012-1867

Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorre...

8.4CVSS6.7AI score0.01124EPSS

CVE•added 2012/08/15 1:55 a.m.•47 views

CVE-2012-2527

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use...

7.2CVSS6.4AI score0.01046EPSS

CVE•added 2013/02/13 12:4 p.m.•47 views

CVE-2013-1252

4.9CVSS6.4AI score0.00434EPSS

CVE•added 2013/02/13 12:4 p.m.•47 views

CVE-2013-1253

7CVSS6.4AI score0.003EPSS

CVE•added 2013/02/13 12:4 p.m.•47 views

CVE-2013-1258

4.9CVSS6.3AI score0.00434EPSS

CVE•added 2013/02/13 12:4 p.m.•47 views

CVE-2013-1266

4.9CVSS6.3AI score0.00434EPSS

CVE•added 2013/02/13 12:4 p.m.•47 views

CVE-2013-1267

4.9CVSS6.3AI score0.00434EPSS

CVE•added 2013/02/13 12:4 p.m.•47 views

CVE-2013-1272

4.9CVSS6.4AI score0.00434EPSS

CVE•added 2013/02/13 12:4 p.m.•47 views

CVE-2013-1274

4.9CVSS6.4AI score0.00434EPSS

CVE•added 2013/07/10 3:46 a.m.•47 views

CVE-2013-3154

The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper P...

6.9CVSS6.4AI score0.0232EPSS

CVE•added 2013/08/14 11:10 a.m.•47 views

CVE-2013-3196

The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileg...

7.2CVSS6.2AI score0.01283EPSS

CVE•added 2013/08/14 11:10 a.m.•47 views

CVE-2013-3197

7.2CVSS6.2AI score0.01283EPSS

CVE•added 2025/05/13 5:16 p.m.•47 views

CVE-2025-30385

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

7.8CVSS7.5AI score0.00066EPSS

CVE•added 2025/06/10 5:22 p.m.•47 views

CVE-2025-33057

Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.

6.5CVSS6.3AI score0.00187EPSS

CVE•added 2009/10/14 10:30 a.m.•46 views

CVE-2009-2529

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."

9.3CVSS7.2AI score0.26343EPSS

CVE•added 2009/12/09 6:30 p.m.•46 views

CVE-2009-3673

Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

9.3CVSS7.4AI score0.57317EPSS

Total number of security vulnerabilities2508