Windows Server 2016
by Microsoft
CVEs (3,555)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49761 | 0.00 | — | 0.00 | Aug 12, 2025 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-49757 | 0.00 | — | 0.01 | Aug 12, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-49743 | 0.00 | — | 0.00 | Aug 12, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-49751 | 0.00 | — | 0.00 | Aug 12, 2025 | Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. | |||
| CVE-2025-49742 | 0.00 | — | 0.00 | Jul 8, 2025 | Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally. | |||
| CVE-2025-49740 | 0.00 | — | 0.01 | Jul 8, 2025 | Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network. | |||
| CVE-2025-47999 | 0.00 | — | 0.00 | Jul 8, 2025 | Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. | |||
| CVE-2025-49732 | 0.00 | — | 0.00 | Jul 8, 2025 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-49729 | 0.00 | — | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-49727 | 0.00 | — | 0.00 | Jul 8, 2025 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-49725 | 0.00 | — | 0.00 | Jul 8, 2025 | Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-49722 | 0.00 | — | 0.00 | Jul 8, 2025 | Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network. | |||
| CVE-2025-49684 | 0.00 | — | 0.00 | Jul 8, 2025 | Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally. | |||
| CVE-2025-49681 | 0.00 | — | 0.01 | Jul 8, 2025 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2025-49680 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally. | |||
| CVE-2025-49679 | 0.00 | — | 0.00 | Jul 8, 2025 | Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-49678 | 0.00 | — | 0.00 | Jul 8, 2025 | Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-49675 | 0.00 | — | 0.00 | Jul 8, 2025 | Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-49673 | 0.00 | — | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-49669 | 0.00 | — | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
- CVE-2025-49761Aug 12, 2025risk 0.00cvss —epss 0.00
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2025-49757Aug 12, 2025risk 0.00cvss —epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- CVE-2025-49743Aug 12, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- CVE-2025-49751Aug 12, 2025risk 0.00cvss —epss 0.00
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
- CVE-2025-49742Jul 8, 2025risk 0.00cvss —epss 0.00
Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.
- CVE-2025-49740Jul 8, 2025risk 0.00cvss —epss 0.01
Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2025-47999Jul 8, 2025risk 0.00cvss —epss 0.00
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
- CVE-2025-49732Jul 8, 2025risk 0.00cvss —epss 0.00
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- CVE-2025-49729Jul 8, 2025risk 0.00cvss —epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- CVE-2025-49727Jul 8, 2025risk 0.00cvss —epss 0.00
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- CVE-2025-49725Jul 8, 2025risk 0.00cvss —epss 0.00
Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.
- CVE-2025-49722Jul 8, 2025risk 0.00cvss —epss 0.00
Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.
- CVE-2025-49684Jul 8, 2025risk 0.00cvss —epss 0.00
Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.
- CVE-2025-49681Jul 8, 2025risk 0.00cvss —epss 0.01
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-49680Jul 8, 2025risk 0.00cvss —epss 0.00
Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.
- CVE-2025-49679Jul 8, 2025risk 0.00cvss —epss 0.00
Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.
- CVE-2025-49678Jul 8, 2025risk 0.00cvss —epss 0.00
Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.
- CVE-2025-49675Jul 8, 2025risk 0.00cvss —epss 0.00
Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
- CVE-2025-49673Jul 8, 2025risk 0.00cvss —epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- CVE-2025-49669Jul 8, 2025risk 0.00cvss —epss 0.01
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Page 144 of 178