CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Windows Server 2008 » SP2 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*
CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-26829 362 Exec Code 2022-04-15 2022-04-18
8.5
 None Remote Medium ??? Complete Complete Complete
Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826.
2 CVE-2021-40465 Exec Code 2021-10-13 2021-11-17
6.8
 None Remote Medium Not required Partial Partial Partial
Windows Text Shaping Remote Code Execution Vulnerability
3 CVE-2021-33742 Exec Code 2021-06-08 2021-06-14
6.8
 None Remote Medium Not required Partial Partial Partial
Windows MSHTML Platform Remote Code Execution Vulnerability
4 CVE-2021-31973 2021-06-08 2022-05-03
4.6
 None Local Low Not required Partial Partial Partial
Windows GPSVC Elevation of Privilege Vulnerability
5 CVE-2021-31971 Bypass 2021-06-08 2021-06-11
6.8
 None Remote Medium Not required Partial Partial Partial
Windows HTML Platform Security Feature Bypass Vulnerability
6 CVE-2021-31968 DoS 2021-06-08 2021-06-11
5.0
 None Remote Low Not required None None Partial
Windows Remote Desktop Services Denial of Service Vulnerability
7 CVE-2021-31962 Bypass 2021-06-08 2021-06-17
7.5
 None Remote Low Not required Partial Partial Partial
Kerberos AppContainer Security Feature Bypass Vulnerability
8 CVE-2021-31958 294 2021-06-08 2022-05-03
6.8
 None Remote Medium Not required Partial Partial Partial
Windows NTLM Elevation of Privilege Vulnerability
9 CVE-2021-31956 2021-06-08 2022-05-03
9.3
 None Remote Medium Not required Complete Complete Complete
Windows NTFS Elevation of Privilege Vulnerability
10 CVE-2021-28437 2021-04-13 2021-04-19
2.1
 None Local Low Not required Partial None None
Windows Installer Information Disclosure Vulnerability
11 CVE-2021-28350 Exec Code 2021-04-13 2021-04-20
4.6
 None Local Low Not required Partial Partial Partial
Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28348, CVE-2021-28349.
12 CVE-2021-28349 Exec Code 2021-04-13 2021-04-20
4.6
 None Local Low Not required Partial Partial Partial
Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28348, CVE-2021-28350.
13 CVE-2021-28348 Exec Code 2021-04-13 2021-04-20
4.6
 None Local Low Not required Partial Partial Partial
Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28349, CVE-2021-28350.
14 CVE-2021-28328 2021-04-13 2021-04-20
4.0
 None Remote Low ??? Partial None None
Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28323.
15 CVE-2021-27063 DoS 2021-03-11 2021-09-13
5.0
 None Remote Low Not required None None Partial
Windows DNS Server Denial of Service Vulnerability This CVE ID is unique from CVE-2021-26896.
16 CVE-2021-26901 2021-03-11 2022-05-03
7.2
 None Local Low Not required Complete Complete Complete
Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26872, CVE-2021-26898.
17 CVE-2021-26899 2021-03-11 2022-05-03
7.2
 None Local Low Not required Complete Complete Complete
Windows UPnP Device Host Elevation of Privilege Vulnerability
18 CVE-2021-26898 2021-03-11 2022-05-03
7.2
 None Local Low Not required Complete Complete Complete
Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26872, CVE-2021-26901.
19 CVE-2021-26897 Exec Code 2021-03-11 2021-09-13
10.0
 None Remote Low Not required Complete Complete Complete
Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895.
20 CVE-2021-26894 Exec Code 2021-03-11 2021-09-13
10.0
 None Remote Low Not required Complete Complete Complete
Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26895, CVE-2021-26897.
21 CVE-2021-26872 2021-03-11 2022-05-03
4.6
 None Local Low Not required Partial Partial Partial
Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26898, CVE-2021-26901.
22 CVE-2021-26413 2021-04-13 2021-04-20
2.1
 None Local Low Not required None Partial None
Windows Installer Spoofing Vulnerability
23 CVE-2018-8434 200 +Info 2018-09-13 2021-09-13
5.2
 None Local Network Medium ??? Complete None None
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
24 CVE-2018-8424 200 +Info 2018-09-13 2018-12-13
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8422.
25 CVE-2018-8393 Exec Code Overflow 2018-09-13 2020-08-24
9.3
 None Remote Medium Not required Complete Complete Complete
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8392.
26 CVE-2018-8392 Exec Code Overflow 2018-09-13 2020-08-24
9.3
 None Remote Medium Not required Complete Complete Complete
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8393.
27 CVE-2018-3639 203 Bypass 2018-05-22 2021-08-13
2.1
 None Local Low Not required Partial None None
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
28 CVE-2013-3918 119 DoS Exec Code Overflow 2013-11-12 2019-05-14
9.3
 None Remote Medium Not required Complete Complete Complete
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability."
Total number of vulnerabilities : 28   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.