Windows Server 2008@- Security Vulnerabilities and Issues — Page 50 of Windows Server 2008@- CVE List

CVE•added 2015/03/11 10:59 a.m.•48 views

CVE-2015-0087

Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possibly...

5CVSS5.7AI score0.19489EPSS

CVE•added 2015/05/13 10:59 a.m.•48 views

CVE-2015-1698

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability,...

9.3CVSS7.8AI score0.33094EPSS

CVE•added 2025/05/13 5:15 p.m.•48 views

CVE-2025-29960

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.3AI score0.00074EPSS

CVE•added 2025/05/13 5:15 p.m.•48 views

CVE-2025-29961

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.3AI score0.00074EPSS

CVE•added 2025/06/10 5:21 p.m.•48 views

CVE-2025-32713

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

7.8CVSS7.8AI score0.00057EPSS

CVE•added 2009/11/11 7:30 p.m.•47 views

CVE-2009-1127

win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers ...

7.2CVSS6.1AI score0.012EPSS

CVE•added 2011/02/09 1:0 a.m.•47 views

CVE-2011-0086

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka ...

7.2CVSS6.4AI score0.01164EPSS

CVE•added 2011/04/13 8:26 p.m.•47 views

CVE-2011-1235

CVE•added 2011/04/13 8:26 p.m.•47 views

CVE-2011-1241

7.2CVSS6.4AI score0.0061EPSS

CVE•added 2012/03/13 9:55 p.m.•47 views

CVE-2012-0157

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application...

8.4CVSS6.3AI score0.01588EPSS

CVE•added 2012/06/12 10:55 p.m.•47 views

CVE-2012-1867

Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorre...

8.4CVSS6.7AI score0.01124EPSS

CVE•added 2025/05/13 5:16 p.m.•47 views

CVE-2025-30385

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

7.8CVSS7.5AI score0.00066EPSS

CVE•added 2025/06/10 5:22 p.m.•47 views

CVE-2025-33057

Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.

6.5CVSS6.3AI score0.00187EPSS

CVE•added 2009/10/14 10:30 a.m.•46 views

CVE-2009-2529

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."

9.3CVSS7.2AI score0.26343EPSS

CVE•added 2011/02/09 1:0 a.m.•46 views

CVE-2011-0088

7.2CVSS6.3AI score0.00584EPSS

CVE-2011-1226

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer deref...

CVE-2011-1228

7.8CVSS6.5AI score0.01027EPSS

CVE-2011-1236

7.2CVSS6.4AI score0.01624EPSS

CVE-2011-1237

CVE•added 2011/07/13 11:55 p.m.•46 views

CVE-2011-1878

CVE•added 2011/07/13 11:55 p.m.•46 views

CVE-2011-1879

CVE•added 2025/05/13 5:15 p.m.•46 views

CVE-2025-29832

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.5AI score0.00074EPSS

CVE•added 2025/05/13 5:15 p.m.•46 views

CVE-2025-29957

Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.

6.2CVSS7AI score0.0043EPSS

CVE•added 2025/05/13 5:15 p.m.•46 views

CVE-2025-29968

Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network.

6.5CVSS6.6AI score0.00231EPSS

CVE•added 2025/06/10 5:21 p.m.•46 views

CVE-2025-32716

Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.

7.8CVSS7.5AI score0.00057EPSS

CVE•added 2009/09/08 10:30 p.m.•45 views

CVE-2009-1132

Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerabilit...

9.3CVSS8.5AI score0.45545EPSS

CVE•added 2011/04/13 8:26 p.m.•45 views

CVE-2011-0675

CVE•added 2011/07/13 11:55 p.m.•45 views

CVE-2011-1884

CVE•added 2025/05/13 5:15 p.m.•45 views

CVE-2025-29830

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.9AI score0.00223EPSS

CVE•added 2025/05/13 5:15 p.m.•45 views

CVE-2025-29956

Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.

5.4CVSS6.7AI score0.00079EPSS

CVE•added 2025/05/13 5:15 p.m.•45 views

CVE-2025-29958

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.6AI score0.00229EPSS

CVE•added 2025/06/10 5:21 p.m.•45 views

CVE-2025-32714

Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.

7.8CVSS7.6AI score0.00052EPSS

CVE•added 2009/10/14 10:30 a.m.•44 views

CVE-2009-2515

Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "...

7.2CVSS6.1AI score0.01635EPSS

CVE•added 2010/04/14 4:0 p.m.•44 views

CVE-2010-0810

The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."

4.7CVSS6AI score0.0128EPSS

CVE•added 2011/04/13 6:55 p.m.•44 views

CVE-2011-0665

CVE•added 2011/04/13 8:26 p.m.•44 views

CVE-2011-1233

CVE•added 2011/06/16 8:55 p.m.•44 views

CVE-2011-1873

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, wh...

9.3CVSS7.6AI score0.33768EPSS

CVE•added 2008/10/15 12:12 a.m.•43 views

CVE-2008-2252

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruptio...

7.2CVSS6AI score0.01037EPSS

CVE•added 2011/04/13 8:26 p.m.•43 views

CVE-2011-0674

CVE•added 2011/04/13 8:26 p.m.•43 views

CVE-2011-1232

CVE•added 2009/08/12 5:30 p.m.•42 views

CVE-2009-1545

Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI...

9.3CVSS7.5AI score0.57802EPSS

CVE•added 2010/02/26 7:30 p.m.•42 views

CVE-2010-0719

An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.

4.7CVSS6.4AI score0.00416EPSS

CVE•added 2010/08/11 6:47 p.m.•42 views

CVE-2010-2555

The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors i...

6.8CVSS6.6AI score0.00765EPSS

CVE•added 2011/04/13 6:55 p.m.•42 views

CVE-2011-0666