Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microsoft Subscribe
Filtered by product Windows Server 2012
Total 2763 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-2554 1 Microsoft 9 Windows 10, Windows 7, Windows 8 and 6 more 2019-05-15 7.2 HIGH N/A
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerability."
CVE-2015-2552 1 Microsoft 9 Windows 10, Windows 7, Windows 8 and 6 more 2019-05-15 7.2 HIGH N/A
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows physically proximate attackers to bypass the Trusted Boot protection mechanism, and consequently interfere with the integrity of code, BitLocker, Device Encryption, and Device Health Attestation, via a crafted Boot Configuration Data (BCD) setting, aka "Trusted Boot Security Feature Bypass Vulnerability."
CVE-2015-2550 1 Microsoft 9 Windows 10, Windows 7, Windows 8 and 6 more 2019-05-15 7.2 HIGH N/A
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
CVE-2015-2549 1 Microsoft 9 Windows 10, Windows 7, Windows 8 and 6 more 2019-05-15 7.2 HIGH N/A
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
CVE-2016-0036 1 Microsoft 4 Windows 10, Windows 7, Windows 8.1 and 1 more 2019-05-15 9.3 HIGH 8.1 HIGH
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote authenticated users to execute arbitrary code via crafted data, aka "Remote Desktop Protocol (RDP) Elevation of Privilege Vulnerability."
CVE-2016-0058 1 Microsoft 3 Windows 10, Windows 8.1, Windows Server 2012 2019-05-15 9.3 HIGH 7.8 HIGH
Buffer overflow in the PDF Library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted PDF document that triggers API calls, aka "Microsoft PDF Library Buffer Overflow Vulnerability."
CVE-2015-2429 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2019-05-15 9.3 HIGH N/A
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified registry actions via a crafted application, aka "Windows Registry Elevation of Privilege Vulnerability."
CVE-2015-1698 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2019-05-15 9.3 HIGH N/A
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1699.
CVE-2015-1697 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2019-05-15 9.3 HIGH N/A
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1698, and CVE-2015-1699.
CVE-2016-7860 6 Adobe, Apple, Google and 3 more 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more 2019-05-15 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2016-7861 6 Adobe, Apple, Google and 3 more 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more 2019-05-15 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2016-7862 6 Adobe, Apple, Google and 3 more 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more 2019-05-15 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2016-3215 1 Microsoft 4 Edge, Windows 10, Windows 8.1 and 1 more 2019-05-15 4.3 MEDIUM 5.5 MEDIUM
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3201.
CVE-2016-7864 6 Adobe, Apple, Google and 3 more 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more 2019-05-15 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2016-3320 2 Fedoraproject, Microsoft 5 Fedora, Windows 10, Windows 8.1 and 2 more 2019-05-15 4.0 MEDIUM 4.9 MEDIUM
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka "Secure Boot Security Feature Bypass."
CVE-2014-0318 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2019-05-15 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to thread-owned objects, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
CVE-2016-0044 1 Microsoft 3 Windows 8.1, Windows Rt 8.1, Windows Server 2012 2019-05-15 5.0 MEDIUM 7.5 HIGH
Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability."
CVE-2014-2780 1 Microsoft 6 Windows 7, Windows 8, Windows 8.1 and 3 more 2019-05-15 6.9 MEDIUM N/A
DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges by leveraging control over a low-integrity process to execute a crafted application, aka "DirectShow Elevation of Privilege Vulnerability."
CVE-2014-1807 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2019-05-15 7.2 HIGH N/A
The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations, which allows local users to gain privileges via a crafted application, as exploited in the wild in May 2014, aka "Windows Shell File Association Vulnerability."
CVE-2015-0010 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2019-05-15 1.9 LOW N/A
The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1) has a named-pipe planting vulnerability or (2) uses world-readable shared memory for encrypted data, aka "CNG Security Feature Bypass Vulnerability" or MSRC ID 20707.