Windows Server 2016
by Microsoft
CVEs (3,555)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-59287 | 0.21 | — | 1.00 | KEV | Oct 14, 2025 | Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network. | ||
| CVE-2024-38193 | 0.21 | — | 0.28 | KEV | Aug 13, 2024 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||
| CVE-2024-26169 | 0.21 | — | 0.04 | KEV | Mar 12, 2024 | Windows Error Reporting Service Elevation of Privilege Vulnerability | ||
| CVE-2022-38022 | Low | 0.21 | 3.3 | 0.01 | Oct 11, 2022 | Windows Kernel Elevation of Privilege Vulnerability | ||
| CVE-2018-8482 | Low | 0.21 | 3.1 | 0.05 | Oct 10, 2018 | An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server… | ||
| CVE-2018-8481 | Low | 0.21 | 3.1 | 0.05 | Oct 10, 2018 | An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server… | ||
| CVE-2025-33073 | 0.19 | — | 0.65 | KEV | Jun 10, 2025 | Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-33053 | 0.19 | — | 0.82 | KEV | Jun 10, 2025 | External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. | ||
| CVE-2024-43451 | 0.19 | — | 0.82 | KEV | Nov 12, 2024 | NTLM Hash Disclosure Spoofing Vulnerability | ||
| CVE-2024-38112 | 0.19 | — | 0.84 | KEV | Jul 9, 2024 | Windows MSHTML Platform Spoofing Vulnerability | ||
| CVE-2024-35250 | 0.19 | — | 0.25 | KEV | Jun 11, 2024 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||
| CVE-2025-29824 | 0.18 | — | 0.18 | KEV | Apr 8, 2025 | Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-30397 | 0.17 | — | 0.22 | KEV | May 13, 2025 | Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. | ||
| CVE-2024-38213 | 0.17 | — | 0.13 | KEV | Aug 13, 2024 | Windows Mark of the Web Security Feature Bypass Vulnerability | ||
| CVE-2017-0096 | Low | 0.17 | 2.6 | 0.02 | Mar 17, 2017 | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted… | ||
| CVE-2025-24054 | 0.16 | — | 0.59 | KEV | Mar 11, 2025 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2024-43572 | 0.16 | — | 0.61 | KEV | Oct 8, 2024 | Microsoft Management Console Remote Code Execution Vulnerability | ||
| CVE-2017-11850 | Low | 0.16 | 2.5 | 0.03 | Nov 15, 2017 | Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to… | ||
| CVE-2026-21513 | 0.14 | — | 0.15 | KEV | Feb 10, 2026 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2026-21533 | 0.14 | — | 0.04 | KEV | Feb 10, 2026 | Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. |
- risk 0.21cvss —epss 1.00
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
- risk 0.21cvss —epss 0.28
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- risk 0.21cvss —epss 0.04
Windows Error Reporting Service Elevation of Privilege Vulnerability
- risk 0.21cvss 3.3epss 0.01
Windows Kernel Elevation of Privilege Vulnerability
- risk 0.21cvss 3.1epss 0.05
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server…
- risk 0.21cvss 3.1epss 0.05
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server…
- risk 0.19cvss —epss 0.65
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
- risk 0.19cvss —epss 0.82
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
- risk 0.19cvss —epss 0.82
NTLM Hash Disclosure Spoofing Vulnerability
- risk 0.19cvss —epss 0.84
Windows MSHTML Platform Spoofing Vulnerability
- risk 0.19cvss —epss 0.25
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
- risk 0.18cvss —epss 0.18
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- risk 0.17cvss —epss 0.22
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
- risk 0.17cvss —epss 0.13
Windows Mark of the Web Security Feature Bypass Vulnerability
- risk 0.17cvss 2.6epss 0.02
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted…
- risk 0.16cvss —epss 0.59
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
- risk 0.16cvss —epss 0.61
Microsoft Management Console Remote Code Execution Vulnerability
- risk 0.16cvss 2.5epss 0.03
Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to…
- risk 0.14cvss —epss 0.15
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.14cvss —epss 0.04
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
Page 121 of 178