|
Microsoft » Windows Server 2008 : Security Vulnerabilities (CVSS score between 8 and 8.99)
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-26829 |
362 |
|
Exec Code |
2022-04-15 |
2022-04-18 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826. |
2 |
CVE-2022-26822 |
362 |
|
Exec Code |
2022-04-15 |
2022-04-18 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. |
3 |
CVE-2022-26821 |
362 |
|
Exec Code |
2022-04-15 |
2022-04-18 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. |
4 |
CVE-2022-26820 |
362 |
|
Exec Code |
2022-04-15 |
2022-04-18 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. |
5 |
CVE-2022-26819 |
362 |
|
Exec Code |
2022-04-15 |
2022-04-18 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. |
6 |
CVE-2022-24533 |
|
|
Exec Code |
2022-04-15 |
2022-04-19 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
Remote Desktop Protocol Remote Code Execution Vulnerability. |
7 |
CVE-2022-22037 |
269 |
|
|
2022-07-12 |
2022-07-16 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30202, CVE-2022-30224. |
8 |
CVE-2022-21893 |
|
|
Exec Code |
2022-01-11 |
2022-05-23 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
Remote Desktop Protocol Remote Code Execution Vulnerability. |
9 |
CVE-2020-0655 |
20 |
|
Exec Code |
2020-02-11 |
2021-07-21 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. |
10 |
CVE-2019-1043 |
|
|
Exec Code |
2019-06-12 |
2020-08-24 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution Vulnerability'. |
11 |
CVE-2019-0887 |
22 |
|
Exec Code Dir. Trav. |
2019-07-15 |
2020-08-24 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. |
12 |
CVE-2019-0603 |
|
|
Exec Code |
2019-04-08 |
2020-08-24 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions. The security update addresses the vulnerability by correcting how Windows Deployment Services TFTP Server handles objects in memory, aka 'Windows Deployment Services TFTP Server Remote Code Execution Vulnerability'. |
13 |
CVE-2018-8308 |
404 |
|
|
2018-07-11 |
2019-10-03 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
14 |
CVE-2017-11885 |
20 |
|
Exec Code |
2017-12-12 |
2019-04-26 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability". |
15 |
CVE-2017-8633 |
863 |
|
|
2017-08-08 |
2019-10-03 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error Reporting Elevation of Privilege Vulnerability". |
16 |
CVE-2015-0008 |
284 |
|
Exec Code |
2015-02-11 |
2019-10-29 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability." |
17 |
CVE-2011-3416 |
264 |
|
Bypass |
2011-12-30 |
2020-09-28 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability." |
18 |
CVE-2009-1546 |
189 |
|
DoS Exec Code Overflow |
2009-08-12 |
2018-10-30 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability." |
19 |
CVE-2008-4269 |
399 |
|
Exec Code |
2008-12-10 |
2018-10-12 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability." |
20 |
CVE-2008-4268 |
399 |
|
Exec Code |
2008-12-10 |
2018-10-12 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability." |
Total number of vulnerabilities : 20
Page :
1
(This Page)
|
|