Windows Server 2008
by Microsoft
CVEs (2,628)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-33053 | 0.19 | — | 0.82 | KEV | Jun 10, 2025 | External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. | ||
| CVE-2024-43451 | 0.19 | — | 0.82 | KEV | Nov 12, 2024 | NTLM Hash Disclosure Spoofing Vulnerability | ||
| CVE-2024-38112 | 0.19 | — | 0.84 | KEV | Jul 9, 2024 | Windows MSHTML Platform Spoofing Vulnerability | ||
| CVE-2024-35250 | 0.19 | — | 0.25 | KEV | Jun 11, 2024 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||
| CVE-2025-29824 | 0.18 | — | 0.18 | KEV | Apr 8, 2025 | Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-30397 | 0.17 | — | 0.22 | KEV | May 13, 2025 | Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. | ||
| CVE-2017-0096 | Low | 0.17 | 2.6 | 0.02 | Mar 17, 2017 | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted… | ||
| CVE-2025-24054 | 0.16 | — | 0.59 | KEV | Mar 11, 2025 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2024-43572 | 0.16 | — | 0.61 | KEV | Oct 8, 2024 | Microsoft Management Console Remote Code Execution Vulnerability | ||
| CVE-2025-21418 | 0.13 | — | 0.01 | KEV | Feb 11, 2025 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||
| CVE-2024-43461 | 0.13 | — | 0.52 | KEV | Sep 10, 2024 | Windows MSHTML Platform Spoofing Vulnerability | ||
| CVE-2024-38217 | 0.13 | — | 0.10 | KEV | Sep 10, 2024 | Windows Mark of the Web Security Feature Bypass Vulnerability | ||
| CVE-2024-38014 | 0.13 | — | 0.06 | KEV | Sep 10, 2024 | Windows Installer Elevation of Privilege Vulnerability | ||
| CVE-2025-59230 | 0.12 | — | 0.03 | KEV | Oct 14, 2025 | Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-24990 | 0.12 | — | 0.06 | KEV | Oct 14, 2025 | Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax… | ||
| CVE-2025-32709 | 0.12 | — | 0.02 | KEV | May 13, 2025 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-32706 | 0.12 | — | 0.02 | KEV | May 13, 2025 | Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-32701 | 0.12 | — | 0.01 | KEV | May 13, 2025 | Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-24993 | 0.12 | — | 0.02 | KEV | Mar 11, 2025 | Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-24991 | 0.12 | — | 0.02 | KEV | Mar 11, 2025 | Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. |
- risk 0.19cvss —epss 0.82
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
- risk 0.19cvss —epss 0.82
NTLM Hash Disclosure Spoofing Vulnerability
- risk 0.19cvss —epss 0.84
Windows MSHTML Platform Spoofing Vulnerability
- risk 0.19cvss —epss 0.25
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
- risk 0.18cvss —epss 0.18
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- risk 0.17cvss —epss 0.22
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
- risk 0.17cvss 2.6epss 0.02
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted…
- risk 0.16cvss —epss 0.59
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
- risk 0.16cvss —epss 0.61
Microsoft Management Console Remote Code Execution Vulnerability
- risk 0.13cvss —epss 0.01
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- risk 0.13cvss —epss 0.52
Windows MSHTML Platform Spoofing Vulnerability
- risk 0.13cvss —epss 0.10
Windows Mark of the Web Security Feature Bypass Vulnerability
- risk 0.13cvss —epss 0.06
Windows Installer Elevation of Privilege Vulnerability
- risk 0.12cvss —epss 0.03
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
- risk 0.12cvss —epss 0.06
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax…
- risk 0.12cvss —epss 0.02
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.12cvss —epss 0.02
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- risk 0.12cvss —epss 0.01
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- risk 0.12cvss —epss 0.02
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
- risk 0.12cvss —epss 0.02
Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
Page 73 of 132