Windows Server 2012
by Microsoft
CVEs (3,338)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7237 | | Med | 0.50 | 6.5 | 0.65 | | Nov 10, 2016 | Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote… |
| CVE-2016-3375 | | Hig | 0.50 | 7.5 | 0.17 | | Sep 14, 2016 | The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow… |
| CVE-2016-0044 | | Hig | 0.50 | 7.5 | 0.14 | | Feb 10, 2016 | Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability." |
| CVE-2026-44801 | | Hig | 0.49 | 7.5 | 0.00 | | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| CVE-2026-42909 | | Hig | 0.49 | 7.5 | 0.00 | | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| CVE-2026-40406 | | Hig | 0.49 | 7.5 | 0.01 | | May 12, 2026 | Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-35424 | | Hig | 0.49 | 7.5 | 0.01 | | May 12, 2026 | Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network. |
| CVE-2026-33096 | | Hig | 0.49 | 7.5 | 0.01 | | Apr 14, 2026 | Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. |
| CVE-2026-32071 | | Hig | 0.49 | 7.5 | 0.01 | | Apr 14, 2026 | Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. |
| CVE-2026-26154 | | Hig | 0.49 | 7.5 | 0.01 | | Apr 14, 2026 | Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network. |
| CVE-2026-20921 | | Hig | 0.49 | 7.5 | 0.01 | | Jan 13, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-49716 | | Hig | 0.49 | 7.5 | 0.01 | | Jul 8, 2025 | Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network. |
| CVE-2025-48814 | | Hig | 0.49 | 7.5 | 0.01 | | Jul 8, 2025 | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2025-33068 | | Hig | 0.49 | 7.5 | 0.01 | | Jun 10, 2025 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. |
| CVE-2025-33056 | | Hig | 0.49 | 7.5 | 0.01 | | Jun 10, 2025 | Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network. |
| CVE-2025-32724 | | Hig | 0.49 | 7.5 | 0.02 | | Jun 10, 2025 | Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. |
| CVE-2025-29969 | | Hig | 0.49 | 7.5 | 0.01 | | May 13, 2025 | Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network. |
| CVE-2025-29831 | | Hig | 0.49 | 7.5 | 0.01 | | May 13, 2025 | Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. |
| CVE-2025-29810 | | Hig | 0.49 | 7.5 | 0.02 | | Apr 8, 2025 | Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-27486 | | Hig | 0.49 | 7.5 | 0.02 | | Apr 8, 2025 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. |