Windows Server 2016 Security Vulnerabilities and Issues — Page 4 of Windows Server 2016 CVE List

4.3CVSS5.6AI score0.01976EPSS

CVE-2018-8320

A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windo...

5.5CVSS5.8AI score0.01075EPSS

CVE-2018-8486

An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows S...

8.4CVSS7.8AI score0.00766EPSS

CVE-2018-8489

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Wind...

8.4CVSS7.8AI score0.00766EPSS

CVE-2018-8490

CVE•added 2018/03/14 5:29 p.m.•104 views

CVE-2018-0896

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memo...

CVE•added 2018/04/12 1:29 a.m.•104 views

CVE-2018-0966

A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

3.3CVSS5.8AI score0.00296EPSS

CVE•added 2018/05/09 7:29 p.m.•104 views

CVE-2018-8134

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.

7CVSS7.5AI score0.07473EPSS

CVE•added 2018/06/14 12:29 p.m.•104 views

CVE-2018-8140

An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10.

6.8CVSS7.4AI score0.00929EPSS

CVE•added 2018/06/14 12:29 p.m.•104 views

CVE-2018-8169

An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory, aka "HIDParser Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server ...

7CVSS7.6AI score0.01451EPSS

CVE•added 2018/07/11 12:29 a.m.•104 views

CVE-2018-8307

A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2...

6.8CVSS6.5AI score0.01151EPSS

CVE•added 2018/09/13 12:29 a.m.•104 views

CVE-2018-8449

3.3CVSS5.3AI score0.01112EPSS

CVE•added 2018/03/14 5:29 p.m.•103 views

CVE-2018-0900

CVE•added 2018/11/09 9:29 p.m.•103 views

CVE-2018-17612

Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or softwa...

7.5CVSS7.4AI score0.01029EPSS

CVE•added 2018/06/14 12:29 p.m.•103 views

CVE-2018-8214

An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8208.

7CVSS7.6AI score0.46044EPSS

CVE•added 2018/06/14 12:29 p.m.•103 views

CVE-2018-8226

A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

7.8CVSS7.6AI score0.07148EPSS

CVE•added 2018/10/10 1:29 p.m.•103 views

CVE-2018-8472

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2...

5.5CVSS5.7AI score0.00974EPSS

CVE•added 2018/10/10 1:29 p.m.•103 views

CVE-2018-8481

An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2...

3.1CVSS4.9AI score0.02455EPSS

CVE•added 2018/10/10 1:29 p.m.•103 views

CVE-2018-8495

A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

7.6CVSS7.8AI score0.68211EPSS

CVE•added 2018/02/15 2:29 a.m.•102 views

CVE-2018-0843

The Windows kernel in Windows 10 version 1709 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0809 and ...

4.7CVSS4.9AI score0.02947EPSS

CVE•added 2018/04/12 1:29 a.m.•102 views

CVE-2018-0890

A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings, aka "Active Directory Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

5.3CVSS6.5AI score0.09956EPSS

CVE•added 2018/03/14 5:29 p.m.•102 views

CVE-2018-0895

CVE•added 2018/04/12 1:29 a.m.•102 views

CVE-2018-8116

A denial of service vulnerability exists in the way that Windows handles objects in memory, aka "Microsoft Graphics Component Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016,...

5.5CVSS6.4AI score0.00496EPSS

CVE•added 2018/12/12 12:29 a.m.•102 views

CVE-2018-8612

A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values, aka "Connected User Experiences and Telemetry Service Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Window...

5.5CVSS6.9AI score0.00352EPSS

CVE•added 2018/04/12 1:29 a.m.•101 views

CVE-2018-0964

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is uni...

6.1CVSS5.9AI score0.00534EPSS

CVE•added 2018/04/12 1:29 a.m.•101 views

CVE-2018-0973

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2...

CVE•added 2018/03/14 5:29 p.m.•101 views

CVE-2018-0977

The Windows kernel mode driver in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects are handled in memory, aka "Win32k Elevation of Privilege Vulnerability".

7CVSS6.9AI score0.00718EPSS

CVE•added 2018/05/09 7:29 p.m.•101 views

CVE-2018-8132

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-81...

5.3CVSS6.4AI score0.00558EPSS

CVE•added 2018/10/10 1:29 p.m.•101 views

CVE-2018-8493

An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka "Windows TCP/IP Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.

7.5CVSS6.8AI score0.06353EPSS

CVE•added 2018/08/15 5:29 p.m.•100 views

CVE-2018-8204

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. T...

5.3CVSS6.7AI score0.00231EPSS

CVE•added 2018/09/13 12:29 a.m.•100 views

CVE-2018-8433

An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012,...

4.7CVSS5.2AI score0.01419EPSS

CVE•added 2018/10/10 1:29 p.m.•100 views

CVE-2018-8506

An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka "Microsoft Windows Codecs Library Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.

5.5CVSS6AI score0.18897EPSS

CVE•added 2018/03/14 5:29 p.m.•99 views

CVE-2018-0814

5.5CVSS4.8AI score0.06807EPSS

CVE•added 2018/03/14 5:29 p.m.•99 views

CVE-2018-0883

Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file copy destinations ar...

7.6CVSS6.7AI score0.20607EPSS

CVE•added 2018/06/14 12:29 p.m.•99 views

CVE-2018-8175

An denial of service vulnerability exists when Windows NT WEBDAV Minirdr attempts to query a WEBDAV directory, aka "WEBDAV Denial of Service Vulnerability." This affects Windows 10 Servers, Windows 10.

7.1CVSS6.9AI score0.1091EPSS

CVE•added 2018/07/11 12:29 a.m.•99 views

CVE-2018-8313

7.8CVSS6.1AI score0.00563EPSS

CVE•added 2018/02/15 2:29 a.m.•98 views

CVE-2018-0844

The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability ...

7.8CVSS6.8AI score0.00717EPSS

CVE•added 2018/03/14 5:29 p.m.•98 views

CVE-2018-0901

CVE•added 2018/03/14 5:29 p.m.•98 views

CVE-2018-0904

The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure vulnerability due to how memory addresses ar...

4.7CVSS5AI score0.01631EPSS

CVE•added 2018/04/12 1:29 a.m.•98 views

CVE-2018-0960

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Serv...

5.5CVSS5.2AI score0.02612EPSS

CVE•added 2018/04/12 1:29 a.m.•98 views

CVE-2018-0968

CVE•added 2018/04/12 1:29 a.m.•98 views

CVE-2018-0970

CVE•added 2018/06/14 12:29 p.m.•98 views

CVE-2018-0982

7CVSS7.6AI score0.11334EPSS

CVE•added 2018/05/21 1:29 p.m.•98 views

CVE-2018-8142

A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1035.

5.3CVSS5.4AI score0.00421EPSS

CVE•added 2018/04/12 1:29 a.m.•97 views

CVE-2018-0969

CVE•added 2018/04/19 1:29 a.m.•97 views

CVE-2018-1035

5.3CVSS5.4AI score0.00421EPSS

CVE•added 2018/06/14 12:29 p.m.•97 views

CVE-2018-8239

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

5.5CVSS6.1AI score0.64467EPSS

CVE•added 2018/09/13 12:29 a.m.•97 views

CVE-2018-8438

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Se...

6.8CVSS6.2AI score0.00513EPSS

CVE•added 2018/10/10 1:29 p.m.•97 views

CVE-2018-8484

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, W...

7.8CVSS7.5AI score0.00358EPSS

CVE•added 2018/10/10 1:29 p.m.•97 views

CVE-2018-8492

5.3CVSS6.2AI score0.00245EPSS

CVE•added 2018/04/12 1:29 a.m.•96 views

CVE-2018-0887

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Win...