Windows Server 2016 Security Vulnerabilities and Issues — Page 81 of Windows Server 2016 CVE List

Lucene search

MicrosoftWindows Server 2016

4166 matches found

CVE•added 2025/06/10 5:22 p.m.•63 views

CVE-2025-33055

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00048EPSS

CVE•added 2016/12/20 6:59 a.m.•62 views

CVE-2016-7273

The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability."

9.3CVSS8.8AI score0.23064EPSS

CVE•added 2017/03/17 12:59 a.m.•62 views

CVE-2017-0080

The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2...

7.8CVSS6AI score0.06734EPSS

CVE•added 2017/10/13 1:29 p.m.•62 views

CVE-2017-11818

The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security F...

4.5CVSS6.5AI score0.01721EPSS

CVE•added 2017/06/15 1:29 a.m.•62 views

CVE-2017-8465

Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability."...

7.8CVSS5.5AI score0.06987EPSS

CVE•added 2017/06/15 1:29 a.m.•62 views

CVE-2017-8515

Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system, aka "Windows VAD Cloning Denial of Service Vulnerability".

5.5CVSS5.4AI score0.00388EPSS

CVE•added 2017/09/13 1:29 a.m.•62 views

CVE-2017-8675

The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k compo...

7CVSS7.2AI score0.01052EPSS

CVE•added 2017/09/13 1:29 a.m.•62 views

CVE-2017-8713

The Windows Hyper-V component on Microsoft Windows Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating sys...

5.3CVSS5.2AI score0.03199EPSS

CVE•added 2017/10/13 1:29 p.m.•62 views

CVE-2017-8715

The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass".

5.3CVSS7AI score0.01906EPSS

CVE•added 2025/01/14 6:15 p.m.•62 views

CVE-2025-21193

Active Directory Federation Server Spoofing Vulnerability

6.5CVSS6.5AI score0.00092EPSS

CVE•added 2024/09/10 5:15 p.m.•61 views

CVE-2024-38233

Windows Networking Denial of Service Vulnerability

7.5CVSS7.5AI score0.27186EPSS

CVE•added 2024/09/10 5:15 p.m.•61 views

CVE-2024-38235

Windows Hyper-V Denial of Service Vulnerability

6.5CVSS7.8AI score0.00147EPSS

CVE•added 2025/01/14 6:15 p.m.•61 views

CVE-2025-21257

Windows WLAN AutoConfig Service Information Disclosure Vulnerability

5.5CVSS5.3AI score0.00082EPSS

CVE•added 2025/01/14 6:15 p.m.•61 views

CVE-2025-21304

Microsoft DWM Core Library Elevation of Privilege Vulnerability

7.8CVSS7.6AI score0.0017EPSS

CVE•added 2017/10/13 1:29 p.m.•60 views

CVE-2017-8693

The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Microsoft Graphics Information Disclosure Vulnerability".

5.5CVSS6.6AI score0.06191EPSS

CVE•added 2024/11/12 6:15 p.m.•60 views

CVE-2024-43646

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

7.8CVSS6.7AI score0.00187EPSS

CVE•added 2025/01/14 6:15 p.m.•60 views

CVE-2025-21300

Windows upnphost.dll Denial of Service Vulnerability

7.5CVSS7.5AI score0.01023EPSS

CVE•added 2025/05/13 5:15 p.m.•60 views

CVE-2025-29969

Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

7.5CVSS7.6AI score0.00073EPSS

CVE•added 2025/06/10 5:22 p.m.•60 views

CVE-2025-33068

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

7.5CVSS7.4AI score0.11772EPSS

CVE•added 2025/06/10 5:24 p.m.•60 views

CVE-2025-47955

Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

7.8CVSS7.7AI score0.00052EPSS

CVE•added 2017/07/11 9:29 p.m.•59 views

CVE-2017-8584

Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet aka "HoloLens Remote Code Execution Vulnerability."

7.9CVSS7.2AI score0.02314EPSS

CVE•added 2020/07/14 11:15 p.m.•59 views

CVE-2020-1423

An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.

7.8CVSS8.6AI score0.003EPSS

CVE•added 2025/05/13 5:15 p.m.•59 views

CVE-2025-29954

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

5.9CVSS5.7AI score0.0059EPSS

CVE•added 2017/06/15 1:29 a.m.•58 views

CVE-2017-8494

Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka "Windows Elevation of Privilege Vulnerability".

7.3CVSS5.5AI score0.00591EPSS

CVE•added 2024/10/08 6:15 p.m.•58 views

CVE-2024-43534

Windows Graphics Component Information Disclosure Vulnerability

6.5CVSS7.4AI score0.00276EPSS

CVE•added 2025/05/13 5:15 p.m.•58 views

CVE-2025-24063

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

7.8CVSS7.8AI score0.00066EPSS

CVE•added 2025/05/13 5:15 p.m.•58 views

CVE-2025-29962

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

8.8CVSS9.1AI score0.00083EPSS

CVE•added 2025/06/10 5:22 p.m.•58 views

CVE-2025-33061

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00048EPSS

CVE•added 2016/12/20 6:59 a.m.•57 views

CVE-2016-7271

The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to bypass the virtual trust level (VTL) protection mechanism via a crafted application, aka "Secure Kernel Mode Elevation of Privilege Vulnerability."

7.8CVSS7.2AI score0.0012EPSS

CVE•added 2024/09/10 5:15 p.m.•57 views

CVE-2024-38232

Windows Networking Denial of Service Vulnerability

7.5CVSS7.5AI score0.27186EPSS

CVE•added 2024/12/12 2:4 a.m.•57 views

CVE-2024-49107

WmsRepair Service Elevation of Privilege Vulnerability

7.3CVSS7.2AI score0.00289EPSS

CVE•added 2025/02/11 6:15 p.m.•57 views

CVE-2025-21352

Internet Connection Sharing (ICS) Denial of Service Vulnerability

6.5CVSS7.3AI score0.00288EPSS

CVE•added 2025/05/13 5:15 p.m.•57 views

CVE-2025-29840

Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

8.8CVSS8AI score0.00083EPSS

CVE•added 2025/06/10 5:22 p.m.•57 views

CVE-2025-33050

Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.

7.5CVSS7.3AI score0.0017EPSS

CVE•added 2025/06/10 5:23 p.m.•57 views

CVE-2025-33075

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.

7.8CVSS7.6AI score0.00064EPSS

CVE•added 2017/07/11 9:29 p.m.•56 views

CVE-2017-8574

Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8556...

7CVSS6.9AI score0.00972EPSS

CVE•added 2017/09/13 1:29 a.m.•55 views

CVE-2017-8706

The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability...

5.3CVSS5AI score0.03199EPSS

CVE•added 2020/05/21 11:15 p.m.•55 views

CVE-2020-1158

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-115...

7.8CVSS7.7AI score0.12134EPSS

CVE•added 2025/06/10 5:22 p.m.•55 views

CVE-2025-33060

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00048EPSS

CVE•added 2017/07/11 9:29 p.m.•54 views

CVE-2017-8566

Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka "Windows IME Elevation of Privilege Vulnerability".

7CVSS6.7AI score0.00554EPSS

CVE•added 2025/01/14 6:15 p.m.•54 views

CVE-2025-21248

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.00461EPSS

CVE•added 2025/01/14 6:16 p.m.•54 views

CVE-2025-21389

Windows upnphost.dll Denial of Service Vulnerability

7.5CVSS7.5AI score0.01023EPSS

CVE•added 2025/05/13 5:15 p.m.•54 views

CVE-2025-29967

Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

8.8CVSS8.1AI score0.0017EPSS

CVE•added 2025/06/10 5:21 p.m.•54 views

CVE-2025-32712

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

7.8CVSS8AI score0.00057EPSS

CVE•added 2025/06/10 5:22 p.m.•54 views

CVE-2025-33062

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00048EPSS

CVE•added 2016/12/20 6:59 a.m.•53 views

CVE-2016-7258

The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka "Windows Kernel Memory Address Information Disclosure Vulnerability."

5.5CVSS5AI score0.00708EPSS

CVE•added 2017/08/08 9:29 p.m.•53 views

CVE-2017-8623

Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability".

6.8CVSS7AI score0.01498EPSS

CVE•added 2017/09/13 1:29 a.m.•53 views

CVE-2017-8702

Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka "Windows Elevation of Privilege Vulnerability".

7CVSS6.8AI score0.00889EPSS

CVE•added 2017/09/13 1:29 a.m.•53 views

CVE-2017-8712

The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID i...

5.3CVSS4.9AI score0.03199EPSS

CVE•added 2025/05/13 5:15 p.m.•53 views

CVE-2025-29842

Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network.

7.5CVSS7.7AI score0.00035EPSS

Total number of security vulnerabilities4166