Windows Server 2003
by Microsoft
Source repositories
CVEs (4,742)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-0959 | Hig | 0.50 | 7.6 | 0.09 | May 9, 2018 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows… | ||
| CVE-2018-0956 | Hig | 0.50 | 7.5 | 0.14 | Apr 12, 2018 | A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||
| CVE-2001-1452 | Hig | 0.50 | 7.5 | 0.09 | Aug 31, 2001 | By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses. | ||
| CVE-2026-48563 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-47654 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-44801 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-42993 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-42992 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-42909 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-40406 | Hig | 0.49 | 7.5 | 0.01 | May 12, 2026 | Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-35424 | Hig | 0.49 | 7.5 | 0.01 | May 12, 2026 | Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network. | ||
| CVE-2026-33096 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2026 | Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. | ||
| CVE-2026-32071 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2026 | Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. | ||
| CVE-2026-26154 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2026 | Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network. | ||
| CVE-2026-20921 | Hig | 0.49 | 7.5 | 0.01 | Jan 13, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-60704 | Hig | 0.49 | 7.5 | 0.00 | Nov 11, 2025 | Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2025-59502 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2025 | Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network. | ||
| CVE-2025-58726 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2025 | Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-55326 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2025 | Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-54919 | Hig | 0.49 | 7.5 | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. |
- risk 0.50cvss 7.6epss 0.09
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows…
- risk 0.50cvss 7.5epss 0.14
A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
- risk 0.50cvss 7.5epss 0.09
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
- risk 0.49cvss 7.5epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.00
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.00
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.00
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.00
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.01
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
- risk 0.49cvss 7.5epss 0.01
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
- risk 0.49cvss 7.5epss 0.01
Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
- risk 0.49cvss 7.5epss 0.01
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
- risk 0.49cvss 7.5epss 0.01
Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.
- risk 0.49cvss 7.5epss 0.01
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
- risk 0.49cvss 7.5epss 0.00
Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.
- risk 0.49cvss 7.5epss 0.01
Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.
- risk 0.49cvss 7.5epss 0.01
Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
- risk 0.49cvss 7.5epss 0.01
Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
Page 111 of 238