|
|
Microsoft » Windows Server 2008 : Security Vulnerabilities (CVSS score between 3 and 3.99)
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-0986 |
264 |
|
|
2019-06-12 |
2019-06-13 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. |
|
2 |
CVE-2018-0976 |
|
|
DoS |
2018-04-11 |
2019-10-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
|
3 |
CVE-2017-11815 |
200 |
|
+Info |
2017-10-13 |
2019-05-16 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability in the way that it handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". |
|
4 |
CVE-2017-8581 |
281 |
|
|
2017-07-11 |
2019-10-02 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8577, and CVE-2017-8467. |
|
5 |
CVE-2017-0191 |
|
|
DoS |
2017-04-12 |
2019-10-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding, aka "Windows Denial of Service Vulnerability." |
|
6 |
CVE-2016-3372 |
264 |
|
DoS |
2016-09-14 |
2018-10-12 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." |
|
7 |
CVE-2015-2374 |
200 |
|
+Info |
2015-07-14 |
2019-05-08 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
The Netlogon service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly implement domain-controller communication, which allows remote attackers to discover credentials by leveraging certain PDC access and spoofing the BDC role in a PDC communication channel, aka "Elevation of Privilege Vulnerability in Netlogon." |
|
8 |
CVE-2015-0009 |
254 |
|
Bypass |
2015-02-10 |
2019-05-15 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
|
The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability." |
|
9 |
CVE-2011-4434 |
264 |
|
Bypass |
2011-11-11 |
2018-10-30 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags. |
|
10 |
CVE-2009-0093 |
20 |
|
|
2009-03-11 |
2018-10-12 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692. |
Total number of vulnerabilities : 10
Page :
1
(This Page)
|
|
