Windows Server 2008
by Microsoft
CVEs (2,628)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-4269 | 0.02 | — | 0.21 | Dec 10, 2008 | The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search… | |||
| CVE-2008-4268 | 0.02 | — | 0.21 | Dec 10, 2008 | The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved… | |||
| CVE-2008-2249 | 0.02 | — | 0.31 | Dec 10, 2008 | Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer… | |||
| CVE-2008-1435 | 0.02 | — | 0.29 | Jul 8, 2008 | Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability." | |||
| CVE-2008-1441 | 0.02 | — | 0.20 | Jun 12, 2008 | Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed… | |||
| CVE-2007-3091 | 0.02 | — | 0.28 | Jun 6, 2007 | Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with… | |||
| CVE-2025-53143 | 0.01 | — | 0.01 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | |||
| CVE-2025-47984 | 0.01 | — | 0.14 | Jul 8, 2025 | Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2025-33057 | 0.01 | — | 0.01 | Jun 10, 2025 | Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network. | |||
| CVE-2025-29968 | 0.01 | — | 0.02 | May 13, 2025 | Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network. | |||
| CVE-2025-27469 | 0.01 | — | 0.02 | Apr 8, 2025 | Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-26673 | 0.01 | — | 0.02 | Apr 8, 2025 | Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-26641 | 0.01 | — | 0.02 | Apr 8, 2025 | Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-21181 | 0.01 | — | 0.03 | Feb 11, 2025 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | |||
| CVE-2025-21409 | 0.01 | — | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | |||
| CVE-2025-21417 | 0.01 | — | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | |||
| CVE-2025-21339 | 0.01 | — | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability | |||
| CVE-2025-21307 | 0.01 | — | 0.02 | Jan 14, 2025 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | |||
| CVE-2025-21276 | 0.01 | — | 0.02 | Jan 14, 2025 | Windows MapUrlToZone Denial of Service Vulnerability | |||
| CVE-2025-21413 | 0.01 | — | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability |
- CVE-2008-4269Dec 10, 2008risk 0.02cvss —epss 0.21
The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search…
- CVE-2008-4268Dec 10, 2008risk 0.02cvss —epss 0.21
The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved…
- CVE-2008-2249Dec 10, 2008risk 0.02cvss —epss 0.31
Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer…
- CVE-2008-1435Jul 8, 2008risk 0.02cvss —epss 0.29
Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
- CVE-2008-1441Jun 12, 2008risk 0.02cvss —epss 0.20
Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed…
- CVE-2007-3091Jun 6, 2007risk 0.02cvss —epss 0.28
Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with…
- CVE-2025-53143Aug 12, 2025risk 0.01cvss —epss 0.01
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
- CVE-2025-47984Jul 8, 2025risk 0.01cvss —epss 0.14
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
- CVE-2025-33057Jun 10, 2025risk 0.01cvss —epss 0.01
Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.
- CVE-2025-29968May 13, 2025risk 0.01cvss —epss 0.02
Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network.
- CVE-2025-27469Apr 8, 2025risk 0.01cvss —epss 0.02
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
- CVE-2025-26673Apr 8, 2025risk 0.01cvss —epss 0.02
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
- CVE-2025-26641Apr 8, 2025risk 0.01cvss —epss 0.02
Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.
- CVE-2025-21181Feb 11, 2025risk 0.01cvss —epss 0.03
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
- CVE-2025-21409Jan 14, 2025risk 0.01cvss —epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21417Jan 14, 2025risk 0.01cvss —epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21339Jan 14, 2025risk 0.01cvss —epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21307Jan 14, 2025risk 0.01cvss —epss 0.02
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
- CVE-2025-21276Jan 14, 2025risk 0.01cvss —epss 0.02
Windows MapUrlToZone Denial of Service Vulnerability
- CVE-2025-21413Jan 14, 2025risk 0.01cvss —epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
Page 86 of 132