Windows Server 2003
by Microsoft
Source repositories
CVEs (4,742)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45608 | Med | 0.44 | 6.8 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally. | ||
| CVE-2026-41097 | Med | 0.44 | 6.7 | 0.01 | May 12, 2026 | Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-32170 | Med | 0.44 | 6.7 | 0.00 | May 12, 2026 | Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-0390 | Med | 0.44 | 6.7 | 0.00 | Apr 14, 2026 | Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2025-55226 | Med | 0.44 | 6.7 | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally. | ||
| CVE-2025-54915 | Med | 0.44 | 6.7 | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-54109 | Med | 0.44 | 6.7 | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-54104 | Med | 0.44 | 6.7 | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-54094 | Med | 0.44 | 6.7 | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53810 | Med | 0.44 | 6.7 | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53808 | Med | 0.44 | 6.7 | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49751 | Med | 0.44 | 6.8 | 0.00 | Aug 12, 2025 | Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. | ||
| CVE-2025-49743 | Med | 0.44 | 6.7 | 0.00 | Aug 12, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-48807 | Med | 0.44 | 6.7 | 0.00 | Aug 12, 2025 | Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. | ||
| CVE-2025-48818 | Med | 0.44 | 6.8 | 0.00 | Jul 8, 2025 | Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2025-48811 | Med | 0.44 | 6.7 | 0.00 | Jul 8, 2025 | Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-48804 | Med | 0.44 | 6.8 | 0.01 | Jul 8, 2025 | Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2025-48803 | Med | 0.44 | 6.7 | 0.00 | Jul 8, 2025 | Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-48800 | Med | 0.44 | 6.8 | 0.01 | Jul 8, 2025 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2025-48003 | Med | 0.44 | 6.8 | 0.01 | Jul 8, 2025 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
- risk 0.44cvss 6.8epss 0.00
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
- risk 0.44cvss 6.7epss 0.01
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
- risk 0.44cvss 6.7epss 0.00
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.7epss 0.00
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
- risk 0.44cvss 6.7epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.
- risk 0.44cvss 6.7epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.7epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.7epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.7epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.7epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.7epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.8epss 0.00
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
- risk 0.44cvss 6.7epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.7epss 0.00
Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.
- risk 0.44cvss 6.8epss 0.00
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.44cvss 6.7epss 0.00
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.8epss 0.01
Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.44cvss 6.7epss 0.00
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.8epss 0.01
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.44cvss 6.8epss 0.01
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Page 146 of 238