Windows Server 2016
by Microsoft
CVEs (3,555)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-42279 | Med | 0.27 | 4.2 | 0.02 | Nov 10, 2021 | Chakra Scripting Engine Memory Corruption Vulnerability | ||
| CVE-2021-28316 | Med | 0.27 | 4.2 | 0.01 | Apr 13, 2021 | Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability | ||
| CVE-2020-1566 | Med | 0.27 | 4.2 | 0.02 | Aug 17, 2020 | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete… | ||
| CVE-2018-8435 | Med | 0.27 | 4.2 | 0.01 | Sep 13, 2018 | A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||
| CVE-2026-45642 | Low | 0.25 | 3.9 | 0.00 | Jun 9, 2026 | Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack. | ||
| CVE-2025-26633 | 0.25 | — | 0.32 | KEV | Mar 11, 2025 | Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. | ||
| CVE-2024-30088 | 0.25 | — | 0.68 | KEV | Jun 11, 2024 | Windows Kernel Elevation of Privilege Vulnerability | ||
| CVE-2018-8449 | Low | 0.25 | 3.3 | 0.03 | Sep 13, 2018 | A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||
| CVE-2018-0966 | Low | 0.25 | 3.3 | 0.02 | Apr 12, 2018 | A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||
| CVE-2017-0159 | Low | 0.24 | 3.7 | 0.04 | Apr 12, 2017 | A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability." | ||
| CVE-2024-49039 | 0.23 | — | 0.14 | KEV | Nov 12, 2024 | Windows Task Scheduler Elevation of Privilege Vulnerability | ||
| CVE-2020-24588 | Low | 0.23 | 3.5 | 0.04 | May 11, 2021 | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is… | ||
| CVE-2017-8676 | Low | 0.23 | 3.3 | 0.14 | Sep 13, 2017 | The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for… | ||
| CVE-2017-0042 | Low | 0.23 | 3.1 | 0.30 | Mar 17, 2017 | Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted… | ||
| CVE-2024-49138 | 0.22 | — | 0.25 | KEV | Dec 10, 2024 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-30051 | 0.22 | — | 0.06 | KEV | May 14, 2024 | Windows DWM Core Library Elevation of Privilege Vulnerability | ||
| CVE-2022-21977 | Low | 0.22 | 3.3 | 0.02 | Mar 9, 2022 | Media Foundation Information Disclosure Vulnerability | ||
| CVE-2020-17097 | Low | 0.22 | 3.3 | 0.01 | Dec 10, 2020 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | ||
| CVE-2017-0188 | Low | 0.22 | 3.3 | 0.03 | Apr 12, 2017 | A Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information. An attacker who successfully exploited the… | ||
| CVE-2016-7214 | Low | 0.22 | 3.3 | 0.04 | Nov 10, 2016 | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to bypass the ASLR protection… |
- risk 0.27cvss 4.2epss 0.02
Chakra Scripting Engine Memory Corruption Vulnerability
- risk 0.27cvss 4.2epss 0.01
Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
- risk 0.27cvss 4.2epss 0.02
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete…
- risk 0.27cvss 4.2epss 0.01
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
- risk 0.25cvss 3.9epss 0.00
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.
- risk 0.25cvss —epss 0.32
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
- risk 0.25cvss —epss 0.68
Windows Kernel Elevation of Privilege Vulnerability
- risk 0.25cvss 3.3epss 0.03
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
- risk 0.25cvss 3.3epss 0.02
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
- risk 0.24cvss 3.7epss 0.04
A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability."
- risk 0.23cvss —epss 0.14
Windows Task Scheduler Elevation of Privilege Vulnerability
- risk 0.23cvss 3.5epss 0.04
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is…
- risk 0.23cvss 3.3epss 0.14
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for…
- risk 0.23cvss 3.1epss 0.30
Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted…
- risk 0.22cvss —epss 0.25
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- risk 0.22cvss —epss 0.06
Windows DWM Core Library Elevation of Privilege Vulnerability
- risk 0.22cvss 3.3epss 0.02
Media Foundation Information Disclosure Vulnerability
- risk 0.22cvss 3.3epss 0.01
Windows Digital Media Receiver Elevation of Privilege Vulnerability
- risk 0.22cvss 3.3epss 0.03
A Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information. An attacker who successfully exploited the…
- risk 0.22cvss 3.3epss 0.04
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to bypass the ASLR protection…
Page 120 of 178