Windows Server 2016
by Microsoft
CVEs (3,555)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-16996 | | Med | 0.42 | 6.5 | 0.03 | | Dec 10, 2020 | Kerberos Security Feature Bypass Vulnerability |
| CVE-2020-17040 | | Med | 0.42 | 6.5 | 0.03 | | Nov 11, 2020 | Windows Hyper-V Security Feature Bypass Vulnerability |
| CVE-2020-0904 | | Med | 0.42 | 6.5 | 0.01 | | Sep 11, 2020 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest… |
| CVE-2019-1198 | | Med | 0.42 | 6.5 | 0.02 | | Aug 14, 2019 | An elevation of privilege exists in SyncController.dll. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the… |
| CVE-2019-1043 | | Med | 0.42 | 6.4 | 0.03 | | Jun 12, 2019 | A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the… |
| CVE-2017-0174 | | Med | 0.42 | 6.5 | 0.03 | | Aug 8, 2017 | Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka… |
| CVE-2022-21928 | | Med | 0.41 | 6.3 | 0.01 | | Jan 11, 2022 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2021-34500 | | Med | 0.41 | 6.3 | 0.02 | | Jul 14, 2021 | Windows Kernel Memory Information Disclosure Vulnerability |
| CVE-2020-16910 | | Med | 0.41 | 6.2 | 0.03 | | Oct 16, 2020 | A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. To exploit this vulnerability, an… |
| CVE-2019-1053 | | Med | 0.41 | 6.3 | 0.01 | | Jun 12, 2019 | An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox. To exploit this vulnerability, an attacker would require… |
| CVE-2019-0986 | | Med | 0.41 | 6.3 | 0.02 | | Jun 12, 2019 | An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker… |
| CVE-2017-0055 | | Med | 0.41 | 6.1 | 0.16 | | Mar 17, 2017 | Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site… |
| CVE-2026-40380 | | Med | 0.40 | 6.2 | 0.00 | | May 12, 2026 | Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack. |
| CVE-2026-32072 | | Med | 0.40 | 6.2 | 0.00 | | Apr 14, 2026 | Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally. |
| CVE-2026-26169 | | Med | 0.40 | 6.1 | 0.02 | | Apr 14, 2026 | Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally. |
| CVE-2024-21316 | | Med | 0.40 | 6.1 | 0.01 | | Jan 9, 2024 | Windows Server Key Distribution Service Security Feature Bypass |
| CVE-2023-35341 | | Med | 0.40 | 6.2 | 0.01 | | Jul 11, 2023 | Microsoft DirectMusic Information Disclosure Vulnerability |
| CVE-2023-28269 | | Med | 0.40 | 6.2 | 0.01 | | Apr 11, 2023 | Windows Boot Manager Security Feature Bypass Vulnerability |
| CVE-2023-28249 | | Med | 0.40 | 6.2 | 0.01 | | Apr 11, 2023 | Windows Boot Manager Security Feature Bypass Vulnerability |
| CVE-2023-21697 | | Med | 0.40 | 6.2 | 0.01 | | Feb 14, 2023 | Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability |