Lucene search
+L
MicrosoftWindows Server 2008sp2

66 matches found

CVE
CVE
added 2021/06/08 10:46 p.m.1224 views

CVE-2021-31956

CVE-2021-31956 is a Windows NTFS local privilege-escalation vulnerability that Microsoft and security researchers have shown can be exploited via manipulation of the Windows kernel’s WNF/NTFS interaction and pool-heap exploitation techniques to obtain SYSTEM-level access. Public materials describ...

9.3CVSS8.5AI score0.20268EPSS
In wild
CVE
CVE
added 2021/06/08 10:46 p.m.1206 views

CVE-2021-33742

CVE-2021-33742 is a memory-corruption remote code execution vulnerability in Microsoft Windows MSHTML/Internet Explorer. The IE/MSHTML bugchain included a use-after-free (user-controlled callback between two actions) and a buffer overflow in MSHTML, enabling arbitrary code execution. In-the-wild ...

8.8CVSS8.8AI score0.59139EPSS
In wild
CVE
CVE
added 2018/05/22 12:0 p.m.869 views

CVE-2018-3639

CVE-2018-3639 is a speculative execution side‑channel vulnerability (SSB) that can leak memory via speculative stores. The Connected ALMA doc notes a mitigation: SSB is disabled by the new alt-java launcher, reducing impact at the cost of performance, and it references OpenJDK 8u282 as part of th...

5.5CVSS5.9AI score0.60631EPSS
In wild
CVE
CVE
added 2009/09/08 10:0 p.m.717 views

CVE-2009-3103

CVE-2009-3103 affects SMBv2 in srv2.sys on Windows Vista (Gold, SP1, SP2), Windows Server 2008 (Gold, SP2), and Windows 7 RC. Description and NSE/script references describe an out-of-bounds/array indexing issue in the SMB Negotiation protocol handling (ProcessID High header) that can allow remote...

10CVSS9.4AI score0.90121EPSS
CVE
CVE
added 2024/12/10 5:49 p.m.517 views

CVE-2024-49138

Summary (CVE-2024-49138): A heap-based buffer overflow in the Windows Common Log File System Driver (CLFS.sys) enables local Elevation of Privilege on Windows 11/23h2 (and other supported builds). Public PoCs and exploits exist (GitHub PoC repos and exploits referenced in multiple sources), with ...

7.8CVSS7.5AI score0.25414EPSS
In wild
CVE
CVE
added 2022/05/10 8:33 p.m.431 views

CVE-2022-22012

Technical details about CVE-2022-22012 are not publicly provided in the connected documents. The materials mention updates and mitigations but do not specify affected products/versions or remediation for this CVE. Monitor for updates.

9.8CVSS9.4AI score0.03926EPSS
CVE
CVE
added 2022/05/10 8:33 p.m.375 views

CVE-2022-26937

CVE-2022-26937 is a Windows Network File System (NFS) remote code execution vulnerability. Exploitation could occur over the network via an unauthenticated, specially crafted call to an NFS service. NFSv4.1 is not affected; the patch addresses the vulnerability in NFS versions 2.0 and 3.0. In the...

9.8CVSS9.7AI score0.76766EPSS
CVE
CVE
added 2023/11/14 5:57 p.m.330 views

CVE-2023-36705

Technical details about CVE-2023-36705 (affected product/component/root cause/impact) are not provided in the connected documents. The supplied materials reference Windows updates and security advisories but do not disclose CVE-specific technical data. Monitor for updates.

7.8CVSS8.6AI score0.00677EPSS
CVE
CVE
added 2022/05/10 8:33 p.m.294 views

CVE-2022-26931

CVE-2022-26931 is a Windows Kerberos elevation-of-privilege issue tied to certificate-to-account mapping changes in Active Directory. Microsoft KBs and Citrix documents describe remediation via certificate-mapping updates (e.g., KB5014754 and related out‑of‑band mitigations) to address how certif...

7.5CVSS8.5AI score0.02434EPSS
In wild
CVE
CVE
added 2023/11/14 5:57 p.m.263 views

CVE-2023-36397

Technical details about CVE-2023-36397 are not provided in the supplied documents. No affected products, versions, root cause, impact, or remediation are specified here. Monitor for future updates from official advisories.

9.8CVSS9.7AI score0.1751EPSS
CVE
CVE
added 2023/11/14 5:57 p.m.251 views

CVE-2023-36402

Technical details about CVE-2023-36402 (affected products, root cause, impact, and fixes) are not provided in the connected documents. Please monitor for official disclosures and updates as new information becomes available.

8.8CVSS9.5AI score0.01785EPSS
CVE
CVE
added 2022/05/10 8:33 p.m.239 views

CVE-2022-22019

Technical details for CVE-2022-22019 are not provided in the connected documents. Public details (affected products, exploit info, impact, remediation) are not present here. Monitor for official updates.

8.8CVSS9.4AI score0.02493EPSS
CVE
CVE
added 2022/05/10 8:33 p.m.228 views

CVE-2022-22013

Technical details about CVE-2022-22013 are not provided in the connected documents; no affected products, root cause, or fixes are specified here. Monitor for updates.

8.8CVSS9.4AI score0.0227EPSS
CVE
CVE
added 2021/03/11 3:43 p.m.225 views

CVE-2021-26899

Technical details for CVE-2021-26899, including affected product/version, root cause, impact, and fix, are not provided in the connected documents. Monitor for updates from official sources.

7.8CVSS8.6AI score0.0086EPSS
In wild
CVE
CVE
added 2022/05/10 8:33 p.m.212 views

CVE-2022-23270

Technical details about CVE-2022-23270 are not present in the provided connected documents. Public information on affected products, root cause, and remediation is not provided here. Monitor Microsoft Security Update Guide and MSRC advisories for official details and fixes.

9.3CVSS9AI score0.73097EPSS
CVE
CVE
added 2021/06/08 10:46 p.m.209 views

CVE-2021-31962

Technical details (affected product/versions, root cause, impact, exploitability, and remediation) are not provided in the supplied documents. Monitor official disclosures and updates from the included sources for any forthcoming information.

9.8CVSS9.2AI score0.03808EPSS
CVE
CVE
added 2022/05/10 8:34 p.m.209 views

CVE-2022-29104

Technical details (affected products/components, root cause, impact, and exploit info) for CVE-2022-29104 are not provided in the connected documents. Monitor for updates; current sources here do not publish public vulnerability specifics beyond the CVE entry.

7.8CVSS8.6AI score0.1209EPSS
CVE
CVE
added 2021/03/11 3:43 p.m.203 views

CVE-2021-26897

CVE-2021-26897 is a Windows DNS Server remote code execution vulnerability. The connected sources indicate the issue is a buffer overflow caused by oversized dynamic update DNS queries with SIG records that can be written to disk, allowing code execution with Local System privileges when a domain...

10CVSS9.7AI score0.13912EPSS
CVE
CVE
added 2023/11/14 5:57 p.m.201 views

CVE-2023-36393

Technical details about CVE-2023-36393, including affected products, root cause, and fixes, are not publicly provided in the supplied documents. Monitor for updates from Microsoft and NVD.

7.8CVSS8.8AI score0.00994EPSS
CVE
CVE
added 2023/11/14 5:57 p.m.201 views

CVE-2023-36395

Technical details for CVE-2023-36395 are not publicly available in the provided documents. Monitor for updates from NVD/MSRC and related feeds.

7.5CVSS8.4AI score0.02458EPSS
CVE
CVE
added 2023/11/14 5:57 p.m.194 views

CVE-2023-36401

Technical details (affected product, root cause, impact, or patch) are not provided in the connected documents. Please monitor for updates from Microsoft or CVE references to get concrete details and remediation when they become available.

7.2CVSS8.3AI score0.01938EPSS
CVE
CVE
added 2021/11/10 12:47 a.m.188 views

CVE-2021-42282

Technical details for CVE-2021-42282 are not publicly provided in the connected documents. No specifics on affected product versions, root cause, or remediation are present. Monitor for updates.

8.8CVSS8AI score0.03293EPSS
CVE
CVE
added 2022/05/10 8:34 p.m.187 views

CVE-2022-29112

Technical details for CVE-2022-29112 are not provided in the supplied documents. OpenVAS references the CVE among others, but no product/impact/fix specifics are given here. Monitor for updates.

6.5CVSS7.6AI score0.03036EPSS
CVE
CVE
added 2022/05/10 8:33 p.m.186 views

CVE-2022-26934

CVE-2022-26934 is a Windows Graphics Component information disclosure vulnerability. Affects Windows graphics handling (Windows Graphics Component) and is disclosed as a network-exposed information disclosure with a base CVSSv3.1 score of 6.5 (vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)...

6.5CVSS7.6AI score0.02722EPSS
CVE
CVE
added 2022/05/10 8:33 p.m.185 views

CVE-2022-22014

Technical details about CVE-2022-22014 are not provided in the supplied connected documents. The initial description notes a Windows LDAP RCE vulnerability, but there are no concrete details on affected products, versions, root cause, impact, or fixes within the provided materials. Monitor for up...

8.8CVSS9.4AI score0.0227EPSS
CVE
CVE
added 2022/05/10 8:33 p.m.182 views

CVE-2022-26926

Public technical details for CVE-2022-26926 are not provided in the supplied documents. Monitor for updates.

7.8CVSS8.8AI score0.02573EPSS
CVE
CVE
added 2023/11/14 5:57 p.m.181 views

CVE-2023-36403

CVE-2023-36403 is linked to a Windows Kernel local privilege escalation involving registry virtualization. CIRCL’s CIRCL:CVE-2023-36403 entry explicitly notes “Windows Kernel bad locking in registry virtualization leads to race conditions,” indicating the root cause is locking/race-condition issu...

7CVSS8.1AI score0.00532EPSS
CVE
CVE
added 2022/05/10 8:33 p.m.180 views

CVE-2022-26935

Technical details about CVE-2022-26935 are not provided in the connected documents. The Initial document offers a basic description and CVSS info, but no specifics on affected products/versions, root cause, remediation, or exploit status. Monitor for updates.

6.5CVSS7.6AI score0.00987EPSS
CVE
CVE
added 2021/06/08 10:46 p.m.177 views

CVE-2021-31958

Technical details for CVE-2021-31958 are not publicly provided in the supplied documents; monitor for updates.

8.8CVSS8.3AI score0.0266EPSS
CVE
CVE
added 2013/11/12 1:0 a.m.171 views

CVE-2013-3918

CVE-2013-3918 is an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control (icardie.dll) used by Internet Explorer. The flaw exists when the ActiveX control is instantiated via a crafted webpage, enabling remote code execution with the current user’s privileges...

9.3CVSS7.5AI score0.73872EPSS
In wild
CVE
CVE
added 2022/05/10 8:33 p.m.171 views

CVE-2022-22011

Technical details (affected components, root cause, impact, and fixes) for CVE-2022-22011 are not provided in the supplied documents. No public details are included here. Monitor official advisories for updates.

5.5CVSS7AI score0.00786EPSS
CVE
CVE
added 2021/06/08 10:46 p.m.161 views

CVE-2021-31971

CVE-2021-31971 is a Windows security vulnerability described as a Windows HTML Platforms Security Feature Bypass. Connected sources confirm it is a remote, network-exploitable vulnerability in the HTML platforms component of Internet Explorer/Windows HTML Platform. Exploitation details in the Nes...

8.8CVSS7.7AI score0.02091EPSS
CVE
CVE
added 2022/04/15 7:5 p.m.160 views

CVE-2022-26829

CVE-2022-26829 is a Windows DNS Server Remote Code Execution vulnerability. The provided initial document lists CVSS v2 base score 8.5 (HIGH) with network access and user interaction not required, and CVSS v3.1 base score 6.6 (MEDIUM) with network access, high attack complexity, privileges requir...

8.5CVSS6.9AI score0.01841EPSS
CVE
CVE
added 2022/05/10 8:34 p.m.159 views

CVE-2022-29121

Technical details about CVE-2022-29121 are not provided in the supplied documents. No information on affected products/versions or fixes is available here. Monitor for updates from Microsoft/MSRC and vendor advisories.

6.5CVSS7.8AI score0.00884EPSS
CVE
CVE
added 2021/10/13 12:27 a.m.158 views

CVE-2021-40465

CVE-2021-40465, Windows Text Shaping Remote Code Execution Vulnerability, is documented with CVSS 3.1 base score 7.8 (HIGH) and CVSS2 base 6.8 (MEDIUM) by NVD/Microsoft, indicating LOCAL exploitability with LOW attack complexity and user interaction required. The available sources in the provided...

7.8CVSS8.2AI score0.02334EPSS
CVE
CVE
added 2022/05/10 8:34 p.m.158 views

CVE-2022-29115

Technical details about CVE-2022-29115 are not publicly provided in the supplied documents. No affected product/version or remediation is specified here. Monitor for updates.

7.8CVSS8.8AI score0.02207EPSS
CVE
CVE
added 2022/05/10 8:33 p.m.153 views

CVE-2022-26936

Technical details about CVE-2022-26936 are not provided in the Connected documents; only general security update KB articles are present. Monitor Microsoft advisories (KB5013941/3942/3943, etc.) for vulnerability-specific information and fixes.

6.5CVSS7.6AI score0.02714EPSS
CVE
CVE
added 2021/06/08 10:46 p.m.151 views

CVE-2021-31968

CVE-2021-31968 is a Windows Remote Desktop Services Denial of Service vulnerability. The vulnerability affects Microsoft Windows systems exposing Remote Desktop Services and can impact availability (per CVSS v3.1: HIGH, AV:N/AC:L/PR:N/UI:N/S:U/A:H). Connected sources confirm it as a remotely trig...

7.5CVSS8.4AI score0.03179EPSS
CVE
CVE
added 2021/06/08 10:46 p.m.145 views

CVE-2021-31973

CVE-2021-31973 is a Windows GPSVC Elevation of Privilege vulnerability. Affected component: GPSVC. Root cause not explicitly stated in the provided documents. CVSS v3.1 base score 7.8 (HIGH): Local attack, low privileges required, no user interaction, with high impact to confidentiality, integrit...

7.8CVSS8.4AI score0.0055EPSS
CVE
CVE
added 2022/01/11 8:22 p.m.142 views

CVE-2022-21880

CVE-2022-21880 is a Windows GDI+ Information Disclosure vulnerability. The NVD entry describes impact as a confidentiality breach with no integrity or availability impact. CVSS v2: base score 7.8 (NETWORK, LOW attack complexity, NONE auth, C:C/I:N/A:N). CVSS v3.1: base score 7.5 (AV:N/AC:L/PR:N/U...

7.8CVSS8.1AI score0.03883EPSS
CVE
CVE
added 2021/03/11 3:43 p.m.141 views

CVE-2021-26894

Technical details for CVE-2021-26894 are not provided in the connected documents. The NVD entry notes a Windows DNS Server RCE with CRITICAL severity (CVSS v3.1 9.8) but no specifics on affected versions or fixes are given here. Monitor for updates.

10CVSS9.6AI score0.06769EPSS
CVE
CVE
added 2018/09/13 12:0 a.m.138 views

CVE-2018-8392

CVE-2018-8392 is a heap-based buffer overflow in the Microsoft Jet Database Engine. The issue arises from improper handling of in-memory objects, enabling a remote, unauthenticated attacker to exploit by enticing a user to open a specially crafted Excel file, potentially leading to remote code ex...

9.3CVSS8AI score0.22757EPSS
CVE
CVE
added 2021/03/11 3:43 p.m.129 views

CVE-2021-26895

Technical details about CVE-2021-26895 are not available in the provided connected documents. The materials include general references to Windows DNS Server RCE and related advisories, but no product/version/impact/remediation specifics are given here. Monitor for updates.

10CVSS9.6AI score0.06769EPSS
CVE
CVE
added 2022/05/10 8:34 p.m.126 views

CVE-2022-29103

Technical details for CVE-2022-29103 are not publicly provided in the supplied documents. The connected items discuss Windows update KB entries and security issues, but none specify affected products/versions or remediation for this CVE.

7.8CVSS8.6AI score0.00606EPSS
CVE
CVE
added 2018/09/13 12:0 a.m.122 views

CVE-2018-8393

The connected advisory CPAI-2018-0959 confirms CVE-2018-8393: a remote code execution vulnerability in the Microsoft JET Database Engine (Jet) caused by a buffer overflow. An attacker could trigger it by convincing a user to open a specially crafted Excel file, enabling arbitrary code execution o...

9.3CVSS8AI score0.2248EPSS
CVE
CVE
added 2018/09/13 12:0 a.m.122 views

CVE-2018-8424

CVE-2018-8424 describes an information-disclosure vulnerability in the Windows GDI component where memory contents may be leaked. Affected products include Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, Windows 10 and their Server counterparts (e.g., Windows Server 2008, 201...

6.5CVSS6.3AI score0.12985EPSS
CVE
CVE
added 2022/05/10 8:34 p.m.121 views

CVE-2022-29105

No technical details about CVE-2022-29105 are present in the provided connected documents; monitor for updates.

7.8CVSS8.8AI score0.0266EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.120 views

CVE-2021-28350

Technical details about CVE-2021-28350, including affected components, root cause, impact specifics, and patch information, are not provided in the connected documents. Please monitor official advisories and updates for substantive, fact-grounded details.

7.8CVSS8.3AI score0.00792EPSS
CVE
CVE
added 2018/09/13 12:0 a.m.119 views

CVE-2018-8434

CVE-2018-8434 is a Windows Hyper-V information disclosure vulnerability. It occurs when a host OS fails to properly validate input from an authenticated user on a guest OS, allowing potential disclosure of memory information. Affected platforms include Windows 7, Windows Server 2008/2012 families...

5.4CVSS5.5AI score0.03494EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.118 views

CVE-2021-28437

Technical details for CVE-2021-28437 are not provided in the supplied documents. No concrete information on affected product versions, root cause, or fixes is present; monitor for updates as new disclosures or patches emerge.

5.5CVSS6.7AI score0.0076EPSS
Total number of security vulnerabilities66