Windows Server 2003
by Microsoft
Source repositories
CVEs (4,742)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-0485 | Hig | 0.51 | 7.8 | 0.01 | Jun 8, 2010 | The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows… | ||
| CVE-2009-0082 | Hig | 0.51 | 7.8 | 0.01 | Mar 10, 2009 | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows… | ||
| CVE-2008-0087 | Hig | 0.51 | 7.5 | 0.31 | Apr 8, 2008 | The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses. | ||
| CVE-2026-27913 | Hig | 0.50 | 7.7 | 0.00 | Apr 14, 2026 | Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally. | ||
| CVE-2025-59200 | Hig | 0.50 | 7.7 | 0.01 | Oct 14, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally. | ||
| CVE-2025-53722 | Hig | 0.50 | 7.5 | 0.17 | Aug 12, 2025 | Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. | ||
| CVE-2025-47984 | Hig | 0.50 | 7.5 | 0.14 | Jul 8, 2025 | Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-29833 | Hig | 0.50 | 7.7 | 0.00 | May 13, 2025 | Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally. | ||
| CVE-2024-43584 | Hig | 0.50 | 7.7 | 0.01 | Oct 8, 2024 | Windows Scripting Engine Security Feature Bypass Vulnerability | ||
| CVE-2023-38162 | Hig | 0.50 | 7.5 | 0.10 | Sep 12, 2023 | DHCP Server Service Denial of Service Vulnerability | ||
| CVE-2022-37998 | Hig | 0.50 | 7.7 | 0.03 | Oct 11, 2022 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | ||
| CVE-2022-37973 | Hig | 0.50 | 7.7 | 0.03 | Oct 11, 2022 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | ||
| CVE-2021-40463 | Hig | 0.50 | 7.7 | 0.02 | Oct 13, 2021 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | ||
| CVE-2020-17096 | Hig | 0.50 | 7.5 | 0.19 | Dec 10, 2020 | Windows NTFS Remote Code Execution Vulnerability | ||
| CVE-2020-1118 | Hig | 0.50 | 7.5 | 0.16 | May 21, 2020 | A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges, aka 'Microsoft Windows Transport Layer Security Denial of Service Vulnerability'. | ||
| CVE-2020-0681 | Hig | 0.50 | 7.5 | 0.10 | Feb 11, 2020 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0734. | ||
| CVE-2018-8345 | Hig | 0.50 | 7.5 | 0.14 | Aug 15, 2018 | A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows… | ||
| CVE-2018-8206 | Hig | 0.50 | 7.5 | 0.11 | Jul 11, 2018 | A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections, aka "Windows FTP Server Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012,… | ||
| CVE-2018-8226 | Hig | 0.50 | 7.5 | 0.13 | Jun 14, 2018 | A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||
| CVE-2018-0961 | Hig | 0.50 | 7.6 | 0.03 | May 9, 2018 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. |
- risk 0.51cvss 7.8epss 0.01
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows…
- risk 0.51cvss 7.8epss 0.01
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows…
- risk 0.51cvss 7.5epss 0.31
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
- risk 0.50cvss 7.7epss 0.00
Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.
- risk 0.50cvss 7.7epss 0.01
Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.
- risk 0.50cvss 7.5epss 0.17
Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.
- risk 0.50cvss 7.5epss 0.14
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
- risk 0.50cvss 7.7epss 0.00
Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally.
- risk 0.50cvss 7.7epss 0.01
Windows Scripting Engine Security Feature Bypass Vulnerability
- risk 0.50cvss 7.5epss 0.10
DHCP Server Service Denial of Service Vulnerability
- risk 0.50cvss 7.7epss 0.03
Windows Local Session Manager (LSM) Denial of Service Vulnerability
- risk 0.50cvss 7.7epss 0.03
Windows Local Session Manager (LSM) Denial of Service Vulnerability
- risk 0.50cvss 7.7epss 0.02
Windows Network Address Translation (NAT) Denial of Service Vulnerability
- risk 0.50cvss 7.5epss 0.19
Windows NTFS Remote Code Execution Vulnerability
- risk 0.50cvss 7.5epss 0.16
A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges, aka 'Microsoft Windows Transport Layer Security Denial of Service Vulnerability'.
- risk 0.50cvss 7.5epss 0.10
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0734.
- risk 0.50cvss 7.5epss 0.14
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows…
- risk 0.50cvss 7.5epss 0.11
A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections, aka "Windows FTP Server Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012,…
- risk 0.50cvss 7.5epss 0.13
A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
- risk 0.50cvss 7.6epss 0.03
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Page 110 of 238