Windows Server 2012
by Microsoft
CVEs (3,338)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-21525 | 0.13 | — | 0.05 | KEV | Feb 10, 2026 | Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. | ||
| CVE-2025-21418 | 0.13 | — | 0.01 | KEV | Feb 11, 2025 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||
| CVE-2024-43573 | 0.13 | — | 0.44 | KEV | Oct 8, 2024 | Windows MSHTML Platform Spoofing Vulnerability | ||
| CVE-2024-43461 | 0.13 | — | 0.52 | KEV | Sep 10, 2024 | Windows MSHTML Platform Spoofing Vulnerability | ||
| CVE-2024-38217 | 0.13 | — | 0.10 | KEV | Sep 10, 2024 | Windows Mark of the Web Security Feature Bypass Vulnerability | ||
| CVE-2024-38014 | 0.13 | — | 0.06 | KEV | Sep 10, 2024 | Windows Installer Elevation of Privilege Vulnerability | ||
| CVE-2026-21510 | 0.12 | — | 0.26 | KEV | Feb 10, 2026 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2026-20805 | 0.12 | — | 0.05 | KEV | Jan 13, 2026 | Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally. | ||
| CVE-2025-59230 | 0.12 | — | 0.03 | KEV | Oct 14, 2025 | Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-24990 | 0.12 | — | 0.06 | KEV | Oct 14, 2025 | Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax… | ||
| CVE-2025-32709 | 0.12 | — | 0.02 | KEV | May 13, 2025 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-32706 | 0.12 | — | 0.02 | KEV | May 13, 2025 | Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-32701 | 0.12 | — | 0.01 | KEV | May 13, 2025 | Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-24993 | 0.12 | — | 0.02 | KEV | Mar 11, 2025 | Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-24991 | 0.12 | — | 0.02 | KEV | Mar 11, 2025 | Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. | ||
| CVE-2025-24985 | 0.12 | — | 0.04 | KEV | Mar 11, 2025 | Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-24984 | 0.12 | — | 0.02 | KEV | Mar 11, 2025 | Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. | ||
| CVE-2025-24983 | 0.12 | — | 0.01 | KEV | Mar 11, 2025 | Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. | ||
| CVE-2024-38107 | 0.12 | — | 0.02 | KEV | Aug 13, 2024 | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | ||
| CVE-2015-6132 | 0.10 | — | 0.85 | Dec 9, 2015 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted… |
- risk 0.13cvss —epss 0.05
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
- risk 0.13cvss —epss 0.01
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- risk 0.13cvss —epss 0.44
Windows MSHTML Platform Spoofing Vulnerability
- risk 0.13cvss —epss 0.52
Windows MSHTML Platform Spoofing Vulnerability
- risk 0.13cvss —epss 0.10
Windows Mark of the Web Security Feature Bypass Vulnerability
- risk 0.13cvss —epss 0.06
Windows Installer Elevation of Privilege Vulnerability
- risk 0.12cvss —epss 0.26
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.12cvss —epss 0.05
Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.
- risk 0.12cvss —epss 0.03
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
- risk 0.12cvss —epss 0.06
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax…
- risk 0.12cvss —epss 0.02
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.12cvss —epss 0.02
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- risk 0.12cvss —epss 0.01
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- risk 0.12cvss —epss 0.02
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
- risk 0.12cvss —epss 0.02
Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
- risk 0.12cvss —epss 0.04
Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
- risk 0.12cvss —epss 0.02
Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.
- risk 0.12cvss —epss 0.01
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
- risk 0.12cvss —epss 0.02
Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
- CVE-2015-6132Dec 9, 2015risk 0.10cvss —epss 0.85
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted…
Page 111 of 167