Windows Server 2016 Security Vulnerabilities and Issues — Windows Server 2016 CVE List

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

4.7CVSS6.6AI score0.00633EPSS

CVE•added 2022/01/11 9:15 p.m.•355 views

CVE-2022-21894

Secure Boot Security Feature Bypass Vulnerability

4.9CVSS6.2AI score0.45082EPSS

In wild

CVE•added 2025/01/14 6:15 p.m.•319 views

CVE-2025-21189

MapUrlToZone Security Feature Bypass Vulnerability

4.3CVSS4.6AI score0.00174EPSS

CVE•added 2022/03/09 5:15 p.m.•268 views

CVE-2022-21977

Media Foundation Information Disclosure Vulnerability

4.3CVSS5.7AI score0.01033EPSS

CVE•added 2025/03/11 5:16 p.m.•240 views

CVE-2025-24984

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

4.6CVSS6.1AI score0.17667EPSS

In wild

CVE•added 2024/04/09 5:15 p.m.•232 views

CVE-2024-29056

Windows Authentication Elevation of Privilege Vulnerability

4.3CVSS6.3AI score0.01412EPSS

CVE•added 2022/10/11 7:15 p.m.•211 views

CVE-2022-37981

Windows Event Logging Service Denial of Service Vulnerability

4.3CVSS6.3AI score0.05031EPSS

CVE•added 2022/07/12 11:15 p.m.•205 views

CVE-2022-21845

Windows Kernel Information Disclosure Vulnerability

4.7CVSS6.1AI score0.00875EPSS

CVE•added 2022/03/09 5:15 p.m.•204 views

CVE-2022-21975

Windows Hyper-V Denial of Service Vulnerability

4.7CVSS6.2AI score0.00137EPSS

CVE•added 2022/08/09 8:15 p.m.•198 views

CVE-2022-34704

Windows Defender Credential Guard Information Disclosure Vulnerability

4.7CVSS6.5AI score0.0173EPSS

CVE•added 2023/06/14 12:15 a.m.•191 views

CVE-2023-32019

Windows Kernel Information Disclosure Vulnerability

4.7CVSS6.5AI score0.03184EPSS

CVE•added 2024/01/09 6:15 p.m.•179 views

CVE-2024-20691

Windows Themes Information Disclosure Vulnerability

4.7CVSS5.3AI score0.00095EPSS

CVE•added 2018/11/14 1:29 a.m.•165 views

CVE-2018-8566

A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.

4.6CVSS4.9AI score0.00217EPSS

CVE•added 2018/01/04 2:29 p.m.•164 views

CVE-2018-0746

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure ...

4.7CVSS4.6AI score0.06726EPSS

CVE•added 2024/01/09 6:15 p.m.•159 views

CVE-2024-20662

Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability

4.9CVSS5.6AI score0.00817EPSS

CVE•added 2022/05/10 9:15 p.m.•153 views

CVE-2022-29127

BitLocker Security Feature Bypass Vulnerability

4.2CVSS6.5AI score0.00193EPSS

CVE•added 2024/04/09 5:15 p.m.•152 views

CVE-2024-28922

Secure Boot Security Feature Bypass Vulnerability

4.1CVSS6.1AI score0.0015EPSS

CVE•added 2018/01/04 2:29 p.m.•151 views

CVE-2018-0747

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresse...

4.7CVSS4.6AI score0.06726EPSS

CVE•added 2019/03/06 12:0 a.m.•147 views

CVE-2019-0601

An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0600.

4.7CVSS6.2AI score0.00549EPSS

CVE•added 2021/11/10 1:18 a.m.•136 views

CVE-2021-38631

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

4.4CVSS6.3AI score0.00352EPSS

CVE•added 2018/02/15 2:29 a.m.•132 views

CVE-2018-0829

4.7CVSS4.9AI score0.11699EPSS

CVE•added 2023/03/14 5:15 p.m.•131 views

CVE-2023-24911

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

4.3CVSS4.6AI score0.01968EPSS

CVE•added 2018/09/13 12:29 a.m.•129 views

CVE-2018-8468

An elevation of privilege vulnerability exists when Windows, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008...

4.7CVSS5.8AI score0.06939EPSS

CVE•added 2019/04/09 9:29 p.m.•129 views

CVE-2019-0839

An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0838.

4.4CVSS5.7AI score0.00695EPSS

CVE•added 2022/01/11 9:15 p.m.•128 views

CVE-2022-21900

Windows Hyper-V Security Feature Bypass Vulnerability

4.6CVSS6.7AI score0.00274EPSS

CVE•added 2021/11/10 1:19 a.m.•127 views

CVE-2021-41371

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

4.4CVSS6.3AI score0.00432EPSS

CVE•added 2018/01/04 2:29 p.m.•126 views

CVE-2018-0745

The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0746 and CVE-...

4.7CVSS4.6AI score0.06726EPSS

CVE•added 2018/08/15 5:29 p.m.•125 views

CVE-2018-8348

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Serv...

4.7CVSS5.6AI score0.01216EPSS

CVE•added 2019/04/09 3:29 a.m.•124 views

CVE-2019-0775

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0782.

4.7CVSS5.6AI score0.00908EPSS

CVE•added 2025/01/14 6:15 p.m.•123 views

CVE-2025-21329

MapUrlToZone Security Feature Bypass Vulnerability

4.3CVSS4.6AI score0.00111EPSS

CVE•added 2017/03/17 12:59 a.m.•122 views

CVE-2017-0073

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a ...

4.3CVSS4.3AI score0.14618EPSS

CVE•added 2025/01/14 6:15 p.m.•122 views

CVE-2025-21213

Secure Boot Security Feature Bypass Vulnerability

4.6CVSS4.7AI score0.00143EPSS

CVE•added 2019/03/06 12:0 a.m.•121 views

CVE-2019-0600

4.7CVSS6.2AI score0.00549EPSS

CVE•added 2018/02/15 2:29 a.m.•119 views

CVE-2018-0832

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnera...

4.7CVSS4.9AI score0.11699EPSS

CVE•added 2018/08/15 5:29 p.m.•118 views

CVE-2018-8341

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Serv...

4.7CVSS5.6AI score0.01216EPSS

CVE•added 2022/07/12 11:15 p.m.•117 views

CVE-2022-30212

Windows Connected Devices Platform Service Information Disclosure Vulnerability

4.7CVSS6.1AI score0.00312EPSS

CVE•added 2018/03/14 5:29 p.m.•116 views

CVE-2018-0898

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memo...

4.7CVSS4.7AI score0.11699EPSS

CVE•added 2021/10/13 1:15 a.m.•115 views

CVE-2021-41337

Active Directory Security Feature Bypass Vulnerability

4.9CVSS6.2AI score0.00524EPSS

CVE•added 2018/02/15 2:29 a.m.•114 views

CVE-2018-0830

4.7CVSS4.9AI score0.11699EPSS

CVE•added 2018/02/15 2:29 a.m.•113 views

CVE-2018-0757

4.7CVSS5AI score0.02056EPSS

CVE•added 2022/05/10 9:15 p.m.•110 views

CVE-2022-24466

Windows Hyper-V Security Feature Bypass Vulnerability

4.1CVSS6.5AI score0.01318EPSS

CVE•added 2018/03/14 5:29 p.m.•109 views

CVE-2018-0897

4.7CVSS4.7AI score0.11699EPSS

CVE•added 2020/08/17 7:15 p.m.•108 views

CVE-2020-1578

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a ker...

4.7CVSS5.7AI score0.00378EPSS

CVE•added 2023/01/10 10:15 p.m.•108 views

CVE-2023-21766

Windows Overlay Filter Information Disclosure Vulnerability

4.7CVSS4.8AI score0.03918EPSS

CVE•added 2018/06/14 12:29 p.m.•107 views

CVE-2018-8207

4.7CVSS5.3AI score0.01934EPSS

CVE•added 2018/10/10 1:29 p.m.•106 views

CVE-2018-8320

A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windo...

4.3CVSS5.6AI score0.01939EPSS

CVE•added 2018/03/14 5:29 p.m.•105 views

CVE-2018-0896

4.7CVSS4.7AI score0.11699EPSS

Total number of security vulnerabilities112