Windows Server 2008@r2 Security Vulnerabilities and Issues — Page 51 of Windows Server 2008@r2 CVE List

6.5CVSS6.5AI score0.00194EPSS

CVE-2025-21217

Windows NTLM Spoofing Vulnerability

6.6CVSS6.5AI score0.00151EPSS

CVE-2025-21227

Windows Digital Media Elevation of Privilege Vulnerability

8.8CVSS9AI score0.00706EPSS

CVE-2025-21240

Windows Telephony Service Remote Code Execution Vulnerability

6.6CVSS6.5AI score0.00151EPSS

CVE-2025-21256

Windows Digital Media Elevation of Privilege Vulnerability

8.8CVSS9AI score0.00706EPSS

CVE-2025-21266

Windows Telephony Service Remote Code Execution Vulnerability

4.3CVSS4.6AI score0.00128EPSS

CVE-2025-21269

Windows HTML Platforms Security Feature Bypass Vulnerability

8.8CVSS9AI score0.0052EPSS

CVE-2025-21305

Windows Telephony Service Remote Code Execution Vulnerability

CVE•added 2025/03/11 5:16 p.m.•75 views

CVE-2025-24059

Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

7.8CVSS7.6AI score0.00159EPSS

CVE•added 2025/03/11 5:16 p.m.•75 views

CVE-2025-24987

Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.

6.8CVSS6.5AI score0.00139EPSS

CVE•added 2012/12/12 12:55 a.m.•74 views

CVE-2012-2556

The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary cod...

9.3CVSS7.5AI score0.43491EPSS

CVE•added 2013/11/18 3:55 a.m.•74 views

CVE-2013-3876

DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which all...

7.1CVSS6.2AI score0.02855EPSS

CVE•added 2015/02/11 3:0 a.m.•74 views

CVE-2015-0003

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (...

6.9CVSS6.5AI score0.26942EPSS

CVE•added 2015/07/14 10:59 p.m.•74 views

CVE-2015-2365

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted appli...

7.2CVSS6.5AI score0.2157EPSS

CVE•added 2015/12/09 11:59 a.m.•74 views

CVE-2015-6128

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."

7.2CVSS7AI score0.43967EPSS

CVE•added 2016/04/12 11:59 p.m.•74 views

CVE-2016-0153

OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Remote Code Execution Vulnerability."

9.3CVSS7.2AI score0.33652EPSS

CVE•added 2016/05/11 1:59 a.m.•74 views

CVE-2016-0196

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vu...

7.8CVSS7.5AI score0.02289EPSS

CVE•added 2016/10/14 2:59 a.m.•74 views

CVE-2016-3262

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync ...

5.5CVSS6AI score0.19061EPSS

CVE•added 2017/04/12 2:59 p.m.•74 views

CVE-2017-0191

A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system t...

5.8CVSS6.1AI score0.01574EPSS

7.3CVSS5.8AI score0.00872EPSS

CVE-2017-0298

A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker to...

CVE-2017-8462

The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Window...

CVE-2017-8485

CVE-2017-8491

CVE•added 2017/09/13 1:29 a.m.•74 views

CVE-2017-8683

Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k ...

5.5CVSS7.2AI score0.66013EPSS

CVE•added 2017/09/13 1:29 a.m.•74 views

CVE-2017-8688

Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+...

5.5CVSS6.1AI score0.26895EPSS

CVE•added 2018/03/14 5:29 p.m.•74 views

CVE-2018-0815

The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0816, a...

7CVSS6.2AI score0.01338EPSS

CVE•added 2019/07/29 2:10 p.m.•74 views

CVE-2019-1116

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101.

6.5CVSS6.1AI score0.12437EPSS

CVE•added 2019/08/14 9:15 p.m.•74 views

CVE-2019-1169

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or dele...

7.8CVSS7.7AI score0.01478EPSS

CVE•added 2019/11/12 7:15 p.m.•74 views

CVE-2019-1412

An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka 'OpenType Font Driver Information Disclosure Vulnerability'.

5.5CVSS6.5AI score0.0064EPSS

CVE•added 2019/11/12 7:15 p.m.•74 views

CVE-2019-1415

An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerabi...

7.8CVSS8.5AI score0.0038EPSS

CVE•added 2020/02/11 10:15 p.m.•74 views

CVE-2020-0752

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0666, CVE-2020-0667, CVE-2020-0735.

7.8CVSS8.1AI score0.00511EPSS

CVE•added 2020/03/12 4:15 p.m.•74 views

CVE-2020-0779

An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0798, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843.

5.5CVSS6.4AI score0.00646EPSS

CVE•added 2023/07/11 6:15 p.m.•74 views

CVE-2023-35346

Windows DNS Server Remote Code Execution Vulnerability

6.6CVSS8.1AI score0.00226EPSS

CVE•added 2024/09/10 5:15 p.m.•74 views

CVE-2024-38247

Windows Graphics Component Elevation of Privilege Vulnerability

7.8CVSS8.6AI score0.00694EPSS

CVE•added 2024/09/10 5:15 p.m.•74 views

CVE-2024-38249

Windows Graphics Component Elevation of Privilege Vulnerability

7.8CVSS8.6AI score0.01311EPSS

CVE•added 2024/10/08 6:15 p.m.•74 views

CVE-2024-43564

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

8.8CVSS9.1AI score0.05181EPSS

CVE•added 2025/01/14 6:15 p.m.•74 views

CVE-2025-21277

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

7.5CVSS7.4AI score0.04371EPSS

CVE•added 2025/01/14 6:15 p.m.•74 views

CVE-2025-21288

Windows COM Server Information Disclosure Vulnerability

6.5CVSS6.3AI score0.00101EPSS

CVE•added 2025/01/14 6:15 p.m.•74 views

CVE-2025-21289

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

7.5CVSS7.4AI score0.01098EPSS

CVE•added 2025/04/08 6:15 p.m.•74 views

CVE-2025-26641

Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.

7.5CVSS7AI score0.10905EPSS

CVE•added 2014/07/08 10:55 p.m.•73 views

CVE-2014-1824

Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted Journal (aka .JNT) file, aka "Windows Journal Remot...

9.3CVSS8AI score0.09723EPSS

CVE•added 2014/11/11 10:55 p.m.•73 views

CVE-2014-6318

The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly log unauthorized login attempts supplying valid credenti...

4.3CVSS6.7AI score0.34678EPSS

CVE•added 2015/08/15 12:59 a.m.•73 views

CVE-2015-2458

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted Ope...

9.3CVSS7.3AI score0.54061EPSS

CVE•added 2015/12/09 11:59 a.m.•73 views

CVE-2015-6171

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory El...

7.2CVSS6.2AI score0.0345EPSS

CVE•added 2016/11/10 6:59 a.m.•73 views

CVE-2016-3343

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted appl...

9.3CVSS7.5AI score0.05377EPSS

CVE•added 2016/11/10 6:59 a.m.•73 views

CVE-2016-7221

Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via...

7.8CVSS7.6AI score0.01519EPSS

CVE•added 2017/04/12 2:59 p.m.•73 views

CVE-2017-0156

An elevation of privilege vulnerability exists in Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 when the Microsoft Graphics Component fails to properly handle objects in memory, aka "Windows Graphics ...

7CVSS7.2AI score0.01085EPSS

CVE•added 2017/06/15 1:29 a.m.•73 views

CVE-2017-8474

The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel...