Windows Server 2012 Security Vulnerabilities and Issues — Page 56 of Windows Server 2012 CVE List

6.5CVSS6.7AI score0.00103EPSS

CVE-2025-21197

Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.

CVE•added 2025/01/14 6:15 p.m.•82 views

CVE-2025-21244

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.0076EPSS

CVE•added 2025/03/11 5:16 p.m.•82 views

CVE-2025-24051

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

8.8CVSS7.8AI score0.00321EPSS

6.8CVSS6.9AI score0.00098EPSS

CVE-2025-26637

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

8.1CVSS7.9AI score0.0007EPSS

CVE-2025-26663

Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.

7CVSS7.1AI score0.00023EPSS

CVE-2025-26665

Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.

CVE•added 2025/04/08 6:16 p.m.•82 views

CVE-2025-27738

Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.

6.5CVSS6.7AI score0.00103EPSS

CVE•added 2025/05/13 5:15 p.m.•82 views

CVE-2025-29966

Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.

8.8CVSS8.1AI score0.0017EPSS

CVE•added 2025/06/10 5:22 p.m.•82 views

CVE-2025-33070

Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.

8.1CVSS8AI score0.00212EPSS

CVE•added 2014/12/11 12:59 a.m.•81 views

CVE-2014-6355

The Graphics Component in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly process JPEG images, which makes it easier for remote attackers t...

5CVSS6.2AI score0.13294EPSS

CVE•added 2015/11/11 11:59 a.m.•81 views

CVE-2015-2478

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application that triggers a Winsock call referencing an i...

7.2CVSS6.5AI score0.02965EPSS

CVE•added 2016/10/14 2:59 a.m.•81 views

CVE-2016-0073

The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Pr...

5CVSS5.1AI score0.05869EPSS

CVE•added 2016/07/13 1:59 a.m.•81 views

CVE-2016-3238

The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows man-in-the-middle attackers to execute arbitrary code by providing a crafted print driver du...

9.3CVSS8.1AI score0.15154EPSS

CVE•added 2016/11/10 6:59 a.m.•81 views

CVE-2016-7210

atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a craft...

6.5CVSS6.5AI score0.35475EPSS

CVE•added 2016/12/20 6:59 a.m.•81 views

CVE-2016-7292

The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a craft...

7.8CVSS7.5AI score0.00849EPSS

5CVSS5.1AI score0.24455EPSS

CVE-2017-0287

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This ...

CVE•added 2017/10/13 1:29 p.m.•81 views

CVE-2017-11816

The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the wa...

5.5CVSS6.6AI score0.00619EPSS

CVE•added 2017/11/15 3:29 a.m.•81 views

CVE-2017-11831

Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log on to an affected system, and run a specially crafted app...

4.7CVSS5.2AI score0.0122EPSS

Web

5CVSS4.8AI score0.14765EPSS

CVE-2017-8479

The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Window...

5CVSS4.8AI score0.14765EPSS

CVE-2017-8481

5CVSS4.8AI score0.14765EPSS

CVE-2017-8490

CVE•added 2019/06/12 2:29 p.m.•81 views

CVE-2019-1015

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.There are multiple ways an attacker could exploit ...

6.5CVSS5.6AI score0.07622EPSS

CVE•added 2020/02/11 10:15 p.m.•81 views

CVE-2020-0745

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0715, CVE-2020-0792.

7.8CVSS8.1AI score0.00549EPSS

CVE•added 2020/03/12 4:15 p.m.•81 views

CVE-2020-0783

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0781.

7.8CVSS8.5AI score0.00538EPSS

CVE•added 2020/04/15 3:15 p.m.•81 views

CVE-2020-0821

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1007.

5.5CVSS6.1AI score0.00409EPSS

CVE•added 2020/09/11 5:15 p.m.•81 views

CVE-2020-0875

An information disclosure vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system (low-integrity to medium-integrity).This vulnerability by itself does not allow arbitr...

5.5CVSS7.4AI score0.22378EPSS

CVE•added 2020/05/21 11:15 p.m.•81 views

CVE-2020-1010

An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service (wbengine) that allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. T...

7.8CVSS8.5AI score0.00397EPSS

CVE•added 2020/05/21 11:15 p.m.•81 views

CVE-2020-1154

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.

7.8CVSS8.5AI score0.00274EPSS

CVE•added 2020/09/11 5:15 p.m.•81 views

CVE-2020-1250

An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.To exploit this vulnerability, an attacker would have to log on ...

5.5CVSS6.3AI score0.0112EPSS

CVE•added 2020/09/11 5:15 p.m.•81 views

CVE-2020-1252

A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted application.An attacker who successfully exploited this vulnerability could execute arbitrary code and ta...

7.8CVSS8.4AI score0.1157EPSS

7.8CVSS8.6AI score0.00827EPSS

CVE-2020-1354

An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique f...

7.8CVSS8.5AI score0.00278EPSS

CVE-2020-1356

An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations, aka 'Windows iSCSI Target Service Elevation of Privilege Vulnerability'.

7.5CVSS8.7AI score0.09496EPSS

CVE-2020-1374

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.