Windows Server 2008@- Security Vulnerabilities and Issues — Page 44 of Windows Server 2008@- CVE List

Lucene search

MicrosoftWindows Server 2008-

2587 matches found

CVE•added 2025/01/14 6:15 p.m.•72 views

CVE-2025-21306

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.00706EPSS

CVE•added 2025/01/14 6:15 p.m.•72 views

CVE-2025-21339

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.027EPSS

CVE•added 2010/08/11 6:47 p.m.•71 views

CVE-2010-2554

The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vuln...

7.8CVSS6.3AI score0.03437EPSS

CVE•added 2011/03/09 11:0 p.m.•71 views

CVE-2011-0029

Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Libra...

9.3CVSS6.3AI score0.29549EPSS

CVE•added 2014/03/12 5:15 a.m.•71 views

CVE-2014-0323

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive infor...

6.6CVSS5.8AI score0.01245EPSS

CVE•added 2015/03/11 10:59 a.m.•71 views

CVE-2015-0080

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for rendering of malformed PNG images, which allows remote attackers to obt...

4.3CVSS5.9AI score0.08915EPSS

CVE•added 2015/05/13 10:59 a.m.•71 views

CVE-2015-1676

The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function c...

2.1CVSS5.9AI score0.03162EPSS

CVE•added 2015/11/11 12:59 p.m.•71 views

CVE-2015-6104

The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded f...

9.3CVSS7.9AI score0.56868EPSS

CVE•added 2017/05/12 2:29 p.m.•71 views

CVE-2017-0242

An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability."

5.5CVSS5.5AI score0.07627EPSS

CVE•added 2017/05/12 2:29 p.m.•71 views

CVE-2017-0244

The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause denial of service, aka "Windows Kernel Elevation of Privilege Vulnerability."

6.9CVSS6.8AI score0.01477EPSS

CVE•added 2017/09/13 1:29 a.m.•71 views

CVE-2017-8685

Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8688.

5.5CVSS5.1AI score0.26895EPSS

CVE•added 2018/07/11 12:29 a.m.•71 views

CVE-2018-8314

An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2, Wi...

4.7CVSS6.1AI score0.00563EPSS

CVE•added 2018/08/15 5:29 p.m.•71 views

CVE-2018-8396

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8394, CVE-2...

4.7CVSS5.7AI score0.19761EPSS

CVE•added 2018/08/15 5:29 p.m.•71 views

CVE-2018-8397

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka "GDI+ Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.

9.3CVSS7.3AI score0.48333EPSS

CVE•added 2019/04/09 12:29 a.m.•71 views

CVE-2019-0683

An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'.

5.9CVSS6.4AI score0.04281EPSS

CVE•added 2019/06/12 2:29 p.m.•71 views

CVE-2019-1011

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.There are multiple ways an attacker could exploit ...

6.5CVSS5.9AI score0.07622EPSS

CVE•added 2019/06/12 2:29 p.m.•71 views

CVE-2019-1049

6.5CVSS5.6AI score0.07622EPSS

CVE•added 2020/03/12 4:15 p.m.•71 views

CVE-2020-0874

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774...

5.5CVSS6.1AI score0.29411EPSS

CVE•added 2024/10/08 6:15 p.m.•71 views

CVE-2024-43608

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

8.8CVSS9.1AI score0.05181EPSS

CVE•added 2025/01/14 6:15 p.m.•71 views

CVE-2025-21336

Windows Cryptographic Information Disclosure Vulnerability

5.6CVSS5.3AI score0.00078EPSS

CVE•added 2025/02/11 6:15 p.m.•71 views

CVE-2025-21350

Windows Kerberos Denial of Service Vulnerability

5.9CVSS6.9AI score0.00298EPSS

CVE•added 2025/02/11 6:15 p.m.•71 views

CVE-2025-21410

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.00322EPSS

CVE•added 2010/02/10 6:30 p.m.•70 views

CVE-2010-0241

The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route I...

10CVSS7.6AI score0.55484EPSS

CVE•added 2011/01/31 8:0 p.m.•70 views

CVE-2011-0096

The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote att...

6.1CVSS5.5AI score0.79917EPSS

CVE•added 2014/03/12 5:15 a.m.•70 views

CVE-2014-0300

7.2CVSS6.4AI score0.00612EPSS

CVE•added 2014/06/11 4:56 a.m.•70 views

CVE-2014-1818

GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting 2007 Console, Lync 2010 and 2013, Lync 2010 Attendee,...

9.3CVSS8.5AI score0.42395EPSS

CVE•added 2015/10/14 1:59 a.m.•70 views

CVE-2015-2553

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles junctions during mountpoint creation, which makes it easier for local users to gain privileges by...

7.2CVSS6.4AI score0.11334EPSS

Web

CVE•added 2015/11/11 12:59 p.m.•70 views

CVE-2015-6095

Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles password changes, which allows physically proximate attackers to bypass authenticatio...

4.9CVSS6.6AI score0.06476EPSS

CVE•added 2015/12/09 11:59 a.m.•70 views

CVE-2015-6173

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory El...

7.2CVSS6.2AI score0.0345EPSS

CVE•added 2017/09/13 1:29 a.m.•70 views

CVE-2017-8710

The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a referen...

5.5CVSS5.5AI score0.33099EPSS

Web

CVE•added 2020/03/12 4:15 p.m.•70 views

CVE-2020-0844

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.

7.8CVSS8.5AI score0.0037EPSS

CVE•added 2020/03/12 4:15 p.m.•70 views

CVE-2020-0871

An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory, aka 'Windows Network Connections Service Information Disclosure Vulnerability'.

5.5CVSS6.5AI score0.01687EPSS

CVE•added 2023/07/11 6:15 p.m.•70 views

CVE-2023-33172

Remote Procedure Call Runtime Denial of Service Vulnerability

7.5CVSS7.8AI score0.03672EPSS

CVE•added 2024/10/08 6:15 p.m.•70 views

CVE-2024-38262

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

7.5CVSS8.5AI score0.00607EPSS

CVE•added 2024/10/08 6:15 p.m.•70 views

CVE-2024-43544

Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability

7.5CVSS8.2AI score0.19035EPSS

CVE•added 2015/03/11 10:59 a.m.•69 views

CVE-2015-0088

Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file...

9.3CVSS7.8AI score0.23727EPSS

CVE•added 2015/08/15 12:59 a.m.•69 views

CVE-2015-2430

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified filesystem actions via a crafted applica...

9.3CVSS6.5AI score0.05306EPSS

CVE•added 2015/08/15 12:59 a.m.•69 views

CVE-2015-2459

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted Ope...

9.3CVSS7.3AI score0.54061EPSS

CVE•added 2015/08/15 12:59 a.m.•69 views

CVE-2015-2462

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 ...

9.3CVSS7.4AI score0.43979EPSS

CVE•added 2015/11/11 12:59 p.m.•69 views

CVE-2015-6101

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory El...

6.9CVSS6.3AI score0.20184EPSS

CVE•added 2020/05/21 11:15 p.m.•69 views

CVE-2020-1076

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.

5.5CVSS6.8AI score0.00266EPSS

CVE•added 2024/10/08 6:15 p.m.•69 views

CVE-2024-38261

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

7.8CVSS8.6AI score0.01492EPSS

CVE•added 2025/05/13 5:16 p.m.•69 views

CVE-2025-32707

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

7.8CVSS7.5AI score0.00139EPSS

CVE•added 2009/06/10 6:0 p.m.•68 views

CVE-2009-0229

The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."

4.9CVSS7AI score0.03631EPSS

CVE•added 2010/06/08 10:30 p.m.•68 views

CVE-2010-0485

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute...

7.8CVSS6.7AI score0.00965EPSS

CVE•added 2014/06/11 4:56 a.m.•68 views

CVE-2014-1817

usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting ...

9.3CVSS8.6AI score0.44437EPSS

CVE•added 2015/03/11 10:59 a.m.•68 views

CVE-2015-0073

The Windows Registry Virtualization feature in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict changes to virtual stores, which allows local ...

7.2CVSS6.3AI score0.04632EPSS

CVE•added 2015/04/14 8:59 p.m.•68 views

CVE-2015-1643

Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted appl...

7.2CVSS6.4AI score0.02327EPSS

CVE•added 2015/06/10 1:59 a.m.•68 views

CVE-2015-1756

Use-after-free vulnerability in Microsoft Common Controls in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows user-assisted remote attackers to execute arbitrary code via a cra...

9.3CVSS7.4AI score0.44309EPSS

CVE•added 2015/09/09 12:59 a.m.•68 views

CVE-2015-2507

The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevat...

7.2CVSS6.3AI score0.07689EPSS

Total number of security vulnerabilities2587