CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Windows Server 2008 : Security Vulnerabilities (CVSS score between 3 and 3.99)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-30226 269 2022-07-12 2022-07-20
3.6
 None Local Low Not required None Partial Partial
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22022, CVE-2022-22041, CVE-2022-30206.
2 CVE-2022-30225 269 2022-07-12 2022-07-20
3.6
 None Local Low Not required None Partial Partial
Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability.
3 CVE-2022-29121 400 DoS 2022-05-10 2022-05-25
3.3
 None Local Network Low Not required None None Partial
Windows WLAN AutoConfig Service Denial of Service Vulnerability.
4 CVE-2022-26935 668 2022-05-10 2022-05-19
3.3
 None Local Network Low Not required Partial None None
Windows WLAN AutoConfig Service Information Disclosure Vulnerability.
5 CVE-2022-22022 2022-07-12 2022-07-16
3.6
 None Local Low Not required None Partial Partial
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22041, CVE-2022-30206, CVE-2022-30226.
6 CVE-2022-21997 269 2022-02-09 2022-05-23
3.6
 None Local Low Not required None Partial Partial
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21999, CVE-2022-22717, CVE-2022-22718.
7 CVE-2022-21900 Bypass 2022-01-11 2022-05-23
3.8
 None Local Network Medium ??? None Partial Partial
Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-21905.
8 CVE-2021-36961 DoS 2021-09-15 2021-09-24
3.6
 None Local Low Not required None Partial Partial
Windows Installer Denial of Service Vulnerability
9 CVE-2021-1708 2021-01-12 2021-01-20
3.5
 None Remote Medium ??? Partial None None
Windows GDI+ Information Disclosure Vulnerability
10 CVE-2020-1333 269 2020-07-14 2021-07-21
3.7
 None Local High Not required Partial Partial Partial
An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points, aka 'Group Policy Services Policy Processing Elevation of Privilege Vulnerability'.
11 CVE-2020-0785 269 2020-03-12 2020-03-18
3.6
 None Local Low Not required None Partial Partial
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.
12 CVE-2020-0730 59 2020-02-11 2020-02-14
3.6
 None Local Low Not required None Partial Partial
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.
13 CVE-2019-1454 269 2020-01-24 2020-01-27
3.6
 None Local Low Not required None Partial Partial
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.
14 CVE-2019-0986 59 2019-06-12 2020-08-24
3.6
 None Local Low Not required None Partial Partial
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.
15 CVE-2018-0976 DoS 2018-04-12 2019-10-03
3.5
 None Remote Medium ??? None None Partial
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
16 CVE-2017-11815 200 +Info 2017-10-13 2019-05-16
3.5
 None Remote Medium ??? Partial None None
The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability in the way that it handles certain requests, aka "Windows SMB Information Disclosure Vulnerability".
17 CVE-2017-8581 281 2017-07-11 2019-10-03
3.7
 None Local High Not required Partial Partial Partial
Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8577, and CVE-2017-8467.
18 CVE-2017-0191 DoS 2017-04-12 2019-10-03
3.5
 None Remote Medium ??? None None Partial
A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding, aka "Windows Denial of Service Vulnerability."
19 CVE-2016-3372 264 DoS 2016-09-14 2018-10-12
3.6
 None Local Low Not required None Partial Partial
The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."
20 CVE-2015-2374 200 +Info 2015-07-14 2019-05-08
3.3
 None Local Network Low Not required Partial None None
The Netlogon service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly implement domain-controller communication, which allows remote attackers to discover credentials by leveraging certain PDC access and spoofing the BDC role in a PDC communication channel, aka "Elevation of Privilege Vulnerability in Netlogon."
21 CVE-2015-0009 254 Bypass 2015-02-11 2019-10-29
3.3
 None Local Network Low Not required None Partial None
The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability."
22 CVE-2011-4434 264 Bypass 2011-11-11 2020-09-28
3.6
 None Local Low Not required None Partial Partial
Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
23 CVE-2009-0093 20 2009-03-11 2019-02-26
3.5
 None Remote Medium ??? None Partial None
Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
Total number of vulnerabilities : 23   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.