Windows Server 2008@- Security Vulnerabilities and Issues — Page 40 of Windows Server 2008@- CVE List

Lucene search

MicrosoftWindows Server 2008-

2548 matches found

CVE•added 2017/09/13 1:29 a.m.•79 views

CVE-2017-8679

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects...

5.5CVSS4.9AI score0.22645EPSS

CVE•added 2019/06/12 2:29 p.m.•79 views

CVE-2019-1015

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.There are multiple ways an attacker could exploit ...

6.5CVSS5.6AI score0.07622EPSS

CVE•added 2019/11/12 7:15 p.m.•79 views

CVE-2019-1439

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

6.5CVSS7.1AI score0.32964EPSS

CVE•added 2020/02/11 10:15 p.m.•79 views

CVE-2020-0666

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0667, CVE-2020-0735, CVE-2020-0752.

7.8CVSS8.1AI score0.00511EPSS

CVE•added 2020/09/11 5:15 p.m.•79 views

CVE-2020-0836

A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to...

7.5CVSS7.6AI score0.16255EPSS

CVE•added 2020/03/12 4:15 p.m.•79 views

CVE-2020-0842

An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerabi...

7.8CVSS6.5AI score0.00646EPSS

CVE•added 2020/05/21 11:15 p.m.•79 views

CVE-2020-0963

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1141, CVE-2020-1145, CVE-2020-1179.

6.5CVSS6.5AI score0.2819EPSS

CVE•added 2020/05/21 11:15 p.m.•79 views

CVE-2020-1072

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'.

5.5CVSS6.4AI score0.00881EPSS

CVE•added 2020/09/11 5:15 p.m.•79 views

CVE-2020-1252

A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted application.An attacker who successfully exploited this vulnerability could execute arbitrary code and ta...

7.8CVSS8.4AI score0.08862EPSS

CVE•added 2020/07/14 11:15 p.m.•79 views

CVE-2020-1437

An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of Privilege Vulnerability'.

7.8CVSS8.5AI score0.003EPSS

CVE•added 2021/03/11 4:15 p.m.•79 views

CVE-2021-26862

Windows Installer Elevation of Privilege Vulnerability

7.8CVSS8.1AI score0.00469EPSS

CVE•added 2023/12/12 6:15 p.m.•79 views

CVE-2023-35629

Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability

6.8CVSS7.6AI score0.00217EPSS

CVE•added 2023/12/12 6:15 p.m.•79 views

CVE-2023-35641

Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.04439EPSS

CVE•added 2024/06/11 5:15 p.m.•79 views

CVE-2024-30093

Windows Storage Elevation of Privilege Vulnerability

7.3CVSS8.2AI score0.00783EPSS

CVE•added 2024/07/09 5:15 p.m.•79 views

CVE-2024-35270

Windows iSCSI Service Denial of Service Vulnerability

5.3CVSS7AI score0.00421EPSS

CVE•added 2024/11/12 6:15 p.m.•79 views

CVE-2024-43643

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

6.8CVSS6.7AI score0.00259EPSS

CVE•added 2025/01/14 6:15 p.m.•79 views

CVE-2025-21237

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.00461EPSS

CVE•added 2025/04/08 6:15 p.m.•79 views

CVE-2025-26665

Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.

7CVSS7.1AI score0.00036EPSS

CVE•added 2025/04/08 6:15 p.m.•79 views

CVE-2025-26686

Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

7.5CVSS7.5AI score0.00151EPSS

CVE•added 2025/04/08 6:15 p.m.•79 views

CVE-2025-27474

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.9AI score0.00229EPSS

CVE•added 2025/04/08 6:16 p.m.•79 views

CVE-2025-27740

Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network.

8.8CVSS7.3AI score0.0071EPSS

CVE•added 2009/08/12 5:30 p.m.•78 views

CVE-2009-1536

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Un...

2.6CVSS6.4AI score0.5248EPSS

CVE•added 2009/09/08 10:30 p.m.•78 views

CVE-2009-2499

Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Co...

8.5CVSS7.5AI score0.39788EPSS

CVE•added 2011/09/15 12:26 p.m.•78 views

CVE-2011-1991

Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demons...

9.3CVSS6.6AI score0.40461EPSS

CVE•added 2012/01/10 9:55 p.m.•78 views

CVE-2012-0003

Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerab...

9.3CVSS7.8AI score0.88426EPSS

CVE•added 2012/09/26 10:56 a.m.•78 views

CVE-2012-2897

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly ...

10CVSS7.3AI score0.31315EPSS

CVE•added 2013/12/11 12:55 a.m.•78 views

CVE-2013-5058

Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges via a crafted application...

6.9CVSS6.4AI score0.03623EPSS

CVE•added 2015/07/14 10:59 p.m.•78 views

CVE-2015-2371

The Windows Installer service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a custom action script ...

6.9CVSS6.4AI score0.00995EPSS

CVE•added 2015/08/15 12:59 a.m.•78 views

CVE-2015-2433

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Kernel ASLR Bypas...

2.1CVSS5.9AI score0.17325EPSS

CVE•added 2017/06/15 1:29 a.m.•78 views

CVE-2017-8475

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32...

5CVSS4.7AI score0.15731EPSS

CVE•added 2017/06/15 1:29 a.m.•78 views

CVE-2017-8478

The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Window...

5CVSS4.8AI score0.15731EPSS

CVE•added 2017/06/15 1:29 a.m.•78 views

CVE-2017-8483

5CVSS4.8AI score0.15731EPSS

CVE•added 2019/11/12 7:15 p.m.•78 views

CVE-2019-0712

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1309, CVE-2019-1310, CVE-20...

6.8CVSS7.1AI score0.00983EPSS

CVE•added 2019/11/12 7:15 p.m.•78 views

CVE-2019-1389

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1397, CVE-2019-1398.

8.4CVSS9.2AI score0.01157EPSS

CVE•added 2020/07/14 11:15 p.m.•78 views

CVE-2020-1267

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'.

4.9CVSS6.7AI score0.02296EPSS

CVE•added 2020/07/14 11:15 p.m.•78 views

CVE-2020-1389

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1419, CVE-2020-1426.

5.5CVSS5.9AI score0.00842EPSS

CVE•added 2020/09/11 5:15 p.m.•78 views

CVE-2020-1559

An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.To exploit the vulnerability, an attacker would first need code execution on a victim system. ...

7.8CVSS8.2AI score0.00529EPSS

CVE•added 2021/03/11 4:15 p.m.•78 views

CVE-2021-26873

Windows User Profile Service Elevation of Privilege Vulnerability

7.8CVSS8.1AI score0.00331EPSS

CVE•added 2024/07/09 5:15 p.m.•78 views

CVE-2024-38052

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

7.8CVSS8.6AI score0.01394EPSS

CVE•added 2024/07/09 5:15 p.m.•78 views

CVE-2024-38091

Microsoft WS-Discovery Denial of Service Vulnerability

7.5CVSS8.4AI score0.2017EPSS

CVE•added 2024/10/08 6:15 p.m.•78 views

CVE-2024-43501

Windows Common Log File System Driver Elevation of Privilege Vulnerability

7.8CVSS8.1AI score0.00709EPSS

CVE•added 2025/01/14 6:15 p.m.•78 views

CVE-2025-21252

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.00626EPSS

CVE•added 2025/01/14 6:15 p.m.•78 views

CVE-2025-21282

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.00626EPSS

CVE•added 2025/01/14 6:15 p.m.•78 views

CVE-2025-21294

Microsoft Digest Authentication Remote Code Execution Vulnerability

8.1CVSS8.3AI score0.00566EPSS

CVE•added 2025/04/08 6:15 p.m.•78 views

CVE-2025-27477

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

8.8CVSS8AI score0.00234EPSS

CVE•added 2025/04/08 6:16 p.m.•78 views

CVE-2025-27741

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

7.8CVSS7AI score0.00079EPSS

CVE•added 2013/11/13 12:55 a.m.•77 views

CVE-2013-3940

Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to...

9.3CVSS8AI score0.67618EPSS

CVE•added 2015/12/09 11:59 a.m.•77 views

CVE-2015-6174

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory El...

7.2CVSS6.2AI score0.0345EPSS

CVE•added 2017/06/15 1:29 a.m.•77 views

CVE-2017-8532

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This ...

6.5CVSS5.1AI score0.24455EPSS

CVE•added 2019/06/12 2:29 p.m.•77 views

CVE-2019-1048

6.5CVSS5.6AI score0.07622EPSS

Total number of security vulnerabilities2548