Windows Server 2016 Security Vulnerabilities and Issues — Windows Server 2016 CVE List

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

4.7CVSS6.6AI score0.0065EPSS

CVE•added 2025/01/14 6:15 p.m.•318 views

CVE-2025-21189

MapUrlToZone Security Feature Bypass Vulnerability

4.3CVSS4.6AI score0.00162EPSS

CVE•added 2022/01/11 9:15 p.m.•317 views

CVE-2022-21894

Secure Boot Security Feature Bypass Vulnerability

4.9CVSS6.2AI score0.45082EPSS

CVE•added 2022/03/09 5:15 p.m.•267 views

CVE-2022-21977

Media Foundation Information Disclosure Vulnerability

4.3CVSS5.7AI score0.01025EPSS

CVE•added 2024/04/09 5:15 p.m.•230 views

CVE-2024-29056

Windows Authentication Elevation of Privilege Vulnerability

4.3CVSS6.3AI score0.01044EPSS

CVE•added 2022/10/11 7:15 p.m.•210 views

CVE-2022-37981

Windows Event Logging Service Denial of Service Vulnerability

4.3CVSS6.3AI score0.04734EPSS

CVE•added 2025/03/11 5:16 p.m.•209 views

CVE-2025-24984

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

4.6CVSS6.1AI score0.19409EPSS

CVE•added 2022/03/09 5:15 p.m.•203 views

CVE-2022-21975

Windows Hyper-V Denial of Service Vulnerability

4.7CVSS6.2AI score0.00137EPSS

CVE•added 2022/07/12 11:15 p.m.•202 views

CVE-2022-21845

Windows Kernel Information Disclosure Vulnerability

4.7CVSS6.1AI score0.00891EPSS

CVE•added 2022/08/09 8:15 p.m.•196 views

CVE-2022-34704

Windows Defender Credential Guard Information Disclosure Vulnerability

4.7CVSS6.5AI score0.0173EPSS

CVE•added 2023/06/14 12:15 a.m.•190 views

CVE-2023-32019

Windows Kernel Information Disclosure Vulnerability

4.7CVSS6.5AI score0.02317EPSS

CVE•added 2024/01/09 6:15 p.m.•178 views

CVE-2024-20691

Windows Themes Information Disclosure Vulnerability

4.7CVSS5.3AI score0.00095EPSS

CVE•added 2018/01/04 2:29 p.m.•163 views

CVE-2018-0746

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure ...

4.7CVSS4.6AI score0.06726EPSS

CVE•added 2018/11/14 1:29 a.m.•160 views

CVE-2018-8566

A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.

4.6CVSS4.9AI score0.00217EPSS

CVE•added 2024/01/09 6:15 p.m.•158 views

CVE-2024-20662

Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability

4.9CVSS5.6AI score0.00817EPSS

CVE•added 2022/05/10 9:15 p.m.•152 views

CVE-2022-29127

BitLocker Security Feature Bypass Vulnerability

4.2CVSS6.5AI score0.00193EPSS

CVE•added 2024/04/09 5:15 p.m.•151 views

CVE-2024-28922

Secure Boot Security Feature Bypass Vulnerability

4.1CVSS6.1AI score0.00165EPSS

CVE•added 2018/01/04 2:29 p.m.•150 views

CVE-2018-0747

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresse...

4.7CVSS4.6AI score0.06726EPSS

CVE•added 2019/03/06 12:0 a.m.•146 views

CVE-2019-0601

An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0600.

4.7CVSS6.2AI score0.00549EPSS

CVE•added 2021/11/10 1:18 a.m.•134 views

CVE-2021-38631

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

4.4CVSS6.3AI score0.00332EPSS

CVE•added 2018/02/15 2:29 a.m.•131 views

CVE-2018-0829

4.7CVSS4.9AI score0.11699EPSS

CVE•added 2023/03/14 5:15 p.m.•130 views

CVE-2023-24911

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

4.3CVSS4.6AI score0.01968EPSS

CVE•added 2018/09/13 12:29 a.m.•128 views

CVE-2018-8468

An elevation of privilege vulnerability exists when Windows, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008...

4.7CVSS5.8AI score0.05739EPSS

CVE•added 2019/04/09 9:29 p.m.•128 views

CVE-2019-0839

An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0838.

4.4CVSS5.7AI score0.00695EPSS

CVE•added 2022/01/11 9:15 p.m.•127 views

CVE-2022-21900

Windows Hyper-V Security Feature Bypass Vulnerability

4.6CVSS6.7AI score0.00274EPSS

CVE•added 2021/11/10 1:19 a.m.•126 views

CVE-2021-41371

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

4.4CVSS6.3AI score0.00408EPSS

CVE•added 2018/01/04 2:29 p.m.•124 views

CVE-2018-0745

The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0746 and CVE-...

4.7CVSS4.6AI score0.06726EPSS

CVE•added 2018/08/15 5:29 p.m.•123 views

CVE-2018-8348

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Serv...

4.7CVSS5.6AI score0.01452EPSS

CVE•added 2019/04/09 3:29 a.m.•123 views

CVE-2019-0775

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0782.

4.7CVSS5.6AI score0.00908EPSS

CVE•added 2025/01/14 6:15 p.m.•122 views

CVE-2025-21329

MapUrlToZone Security Feature Bypass Vulnerability

4.3CVSS4.6AI score0.00103EPSS

CVE•added 2017/03/17 12:59 a.m.•121 views

CVE-2017-0073

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a ...

4.3CVSS4.3AI score0.14618EPSS

CVE•added 2025/01/14 6:15 p.m.•121 views

CVE-2025-21213

Secure Boot Security Feature Bypass Vulnerability

4.6CVSS4.7AI score0.00126EPSS

CVE•added 2019/03/06 12:0 a.m.•120 views

CVE-2019-0600

4.7CVSS6.2AI score0.00549EPSS

CVE•added 2018/02/15 2:29 a.m.•117 views

CVE-2018-0832

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnera...

4.7CVSS4.9AI score0.11699EPSS

CVE•added 2018/08/15 5:29 p.m.•117 views

CVE-2018-8341

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Serv...

4.7CVSS5.6AI score0.01452EPSS

CVE•added 2022/07/12 11:15 p.m.•116 views

CVE-2022-30212

Windows Connected Devices Platform Service Information Disclosure Vulnerability

4.7CVSS6.1AI score0.00105EPSS

CVE•added 2018/03/14 5:29 p.m.•115 views

CVE-2018-0898

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memo...

4.7CVSS4.7AI score0.06807EPSS

CVE•added 2021/10/13 1:15 a.m.•114 views

CVE-2021-41337

Active Directory Security Feature Bypass Vulnerability

4.9CVSS6.2AI score0.00527EPSS

CVE•added 2018/02/15 2:29 a.m.•113 views

CVE-2018-0830

4.7CVSS4.9AI score0.11699EPSS

CVE•added 2018/02/15 2:29 a.m.•111 views

CVE-2018-0757

4.7CVSS5AI score0.01776EPSS

CVE•added 2022/05/10 9:15 p.m.•109 views

CVE-2022-24466

Windows Hyper-V Security Feature Bypass Vulnerability

4.1CVSS6.5AI score0.01318EPSS

CVE•added 2018/03/14 5:29 p.m.•107 views

CVE-2018-0897

4.7CVSS4.7AI score0.06807EPSS

CVE•added 2020/08/17 7:15 p.m.•106 views

CVE-2020-1578

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a ker...

4.7CVSS5.7AI score0.00378EPSS

CVE•added 2018/06/14 12:29 p.m.•105 views

CVE-2018-8207

4.7CVSS5.3AI score0.01934EPSS

CVE•added 2018/10/10 1:29 p.m.•105 views

CVE-2018-8320

A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windo...

4.3CVSS5.6AI score0.01976EPSS

CVE•added 2023/01/10 10:15 p.m.•105 views

CVE-2023-21766

Windows Overlay Filter Information Disclosure Vulnerability

4.7CVSS4.8AI score0.03918EPSS

CVE•added 2018/03/14 5:29 p.m.•104 views

CVE-2018-0896

4.7CVSS4.7AI score0.06807EPSS

Total number of security vulnerabilities112