Windows Server 2016
by Microsoft
CVEs (3,555)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-30203 | Hig | 0.48 | 7.4 | 0.01 | Jul 12, 2022 | Windows Boot Manager Security Feature Bypass Vulnerability | ||
| CVE-2022-22040 | Hig | 0.48 | 7.3 | 0.01 | Jul 12, 2022 | Internet Information Services Dynamic Compression Module Denial of Service Vulnerability | ||
| CVE-2022-21881 | Hig | 0.48 | 7.0 | 0.25 | Jan 11, 2022 | Windows Kernel Elevation of Privilege Vulnerability | ||
| CVE-2021-31186 | Hig | 0.48 | 7.4 | 0.03 | May 11, 2021 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | ||
| CVE-2021-1706 | Hig | 0.48 | 7.3 | 0.02 | Jan 12, 2021 | Windows LUAFV Elevation of Privilege Vulnerability | ||
| CVE-2021-1704 | Hig | 0.48 | 7.3 | 0.01 | Jan 12, 2021 | Windows Hyper-V Elevation of Privilege Vulnerability | ||
| CVE-2021-1685 | Hig | 0.48 | 7.3 | 0.01 | Jan 12, 2021 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | ||
| CVE-2020-17103 | Hig | 0.48 | 7.0 | 0.27 | Dec 10, 2020 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ||
| CVE-2020-1471 | Hig | 0.48 | 7.3 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker… | ||
| CVE-2020-1319 | Hig | 0.48 | 7.3 | 0.05 | Sep 11, 2020 | A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change,… | ||
| CVE-2020-1557 | Hig | 0.48 | 7.3 | 0.04 | Aug 17, 2020 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by… | ||
| CVE-2017-8494 | Hig | 0.48 | 7.3 | 0.02 | Jun 15, 2017 | Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka "Windows Elevation of… | ||
| CVE-2017-8460 | Hig | 0.48 | 7.3 | 0.03 | Jun 15, 2017 | Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially crafted PDF file, aka "Windows PDF Information Disclosure Vulnerability". | ||
| CVE-2017-0298 | Hig | 0.48 | 7.3 | 0.02 | Jun 15, 2017 | A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an… | ||
| CVE-2017-0063 | Med | 0.48 | 6.5 | 0.35 | Mar 17, 2017 | The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote… | ||
| CVE-2026-32202 | Med | 0.47 | 4.3 | 0.64 | KEV | Apr 14, 2026 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network. | |
| CVE-2026-32149 | Hig | 0.47 | 7.3 | 0.00 | Apr 14, 2026 | Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. | ||
| CVE-2024-21320 | Med | 0.47 | 6.5 | 0.23 | Jan 9, 2024 | Windows Themes Spoofing Vulnerability | ||
| CVE-2023-36401 | Hig | 0.47 | 7.2 | 0.02 | Nov 14, 2023 | Microsoft Remote Registry Service Remote Code Execution Vulnerability | ||
| CVE-2023-36584 | Med | 0.47 | 5.4 | 0.03 | KEV | Oct 10, 2023 | Windows Mark of the Web Security Feature Bypass Vulnerability |
- risk 0.48cvss 7.4epss 0.01
Windows Boot Manager Security Feature Bypass Vulnerability
- risk 0.48cvss 7.3epss 0.01
Internet Information Services Dynamic Compression Module Denial of Service Vulnerability
- risk 0.48cvss 7.0epss 0.25
Windows Kernel Elevation of Privilege Vulnerability
- risk 0.48cvss 7.4epss 0.03
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
- risk 0.48cvss 7.3epss 0.02
Windows LUAFV Elevation of Privilege Vulnerability
- risk 0.48cvss 7.3epss 0.01
Windows Hyper-V Elevation of Privilege Vulnerability
- risk 0.48cvss 7.3epss 0.01
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
- risk 0.48cvss 7.0epss 0.27
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
- risk 0.48cvss 7.3epss 0.01
An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker…
- risk 0.48cvss 7.3epss 0.05
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change,…
- risk 0.48cvss 7.3epss 0.04
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by…
- risk 0.48cvss 7.3epss 0.02
Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka "Windows Elevation of…
- risk 0.48cvss 7.3epss 0.03
Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially crafted PDF file, aka "Windows PDF Information Disclosure Vulnerability".
- risk 0.48cvss 7.3epss 0.02
A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an…
- risk 0.48cvss 6.5epss 0.35
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote…
- risk 0.47cvss 4.3epss 0.64
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
- risk 0.47cvss 7.3epss 0.00
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
- risk 0.47cvss 6.5epss 0.23
Windows Themes Spoofing Vulnerability
- risk 0.47cvss 7.2epss 0.02
Microsoft Remote Registry Service Remote Code Execution Vulnerability
- risk 0.47cvss 5.4epss 0.03
Windows Mark of the Web Security Feature Bypass Vulnerability
Page 74 of 178