Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microsoft Subscribe
Filtered by product Windows Server 2008
Total 3056 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-0086 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2019-02-26 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
CVE-2011-0087 1 Microsoft 5 Windows 2003 Server, Windows Server 2003, Windows Server 2008 and 2 more 2019-02-26 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
CVE-2011-0088 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2019-02-26 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
CVE-2011-0089 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2019-02-26 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
CVE-2011-0090 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2019-02-26 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
CVE-2011-0096 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2019-02-26 4.3 MEDIUM N/A
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
CVE-2011-1283 1 Microsoft 5 Windows 2003 Server, Windows Server 2003, Windows Server 2008 and 2 more 2019-02-26 7.2 HIGH N/A
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
CVE-2011-1869 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2019-02-26 7.8 HIGH N/A
The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
CVE-2011-1894 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2019-02-26 4.3 MEDIUM N/A
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
CVE-2011-2018 1 Microsoft 4 Windows 7, Windows Server 2003, Windows Server 2008 and 1 more 2019-02-26 7.2 HIGH N/A
The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
CVE-2011-5046 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2019-02-26 9.3 HIGH N/A
The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
CVE-2012-0005 1 Microsoft 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more 2019-02-26 6.9 MEDIUM N/A
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
CVE-2012-0181 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2019-02-26 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
CVE-2012-1537 1 Microsoft 5 Directx, Windows Server 2003, Windows Server 2008 and 2 more 2019-02-26 9.3 HIGH N/A
Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
CVE-2012-2003 2 Hp, Microsoft 4 Insight Management Agents, Windows 2003 Server, Windows Server 2003 and 1 more 2019-02-26 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-2004 2 Hp, Microsoft 4 Insight Management Agents, Windows 2003 Server, Windows Server 2003 and 1 more 2019-02-26 8.3 HIGH N/A
Open redirect vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2012-2005 2 Hp, Microsoft 4 Insight Management Agents, Windows 2003 Server, Windows Server 2003 and 1 more 2019-02-26 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2006 2 Hp, Microsoft 4 Insight Management Agents, Windows 2003 Server, Windows Server 2003 and 1 more 2019-02-26 4.9 MEDIUM N/A
Unspecified vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to modify data or cause a denial of service via unknown vectors.
CVE-2012-2553 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2019-02-26 7.2 HIGH N/A
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
CVE-2012-4786 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2019-02-26 10.0 HIGH N/A
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."