) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:itanium:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2020-17045 |
Windows KernelStream Information Disclosure Vulnerability Published: November 11, 2020; 2:15:16 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
| CVE-2020-17042 |
Windows Print Spooler Remote Code Execution Vulnerability Published: November 11, 2020; 2:15:16 AM -0500 |
V3.1: 8.8 HIGH V2.0: 9.3 HIGH |
| CVE-2020-17038 |
Win32k Elevation of Privilege Vulnerability Published: November 11, 2020; 2:15:15 AM -0500 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
| CVE-2020-17036 |
Windows Function Discovery SSDP Provider Information Disclosure Vulnerability Published: November 11, 2020; 2:15:15 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
| CVE-2020-17029 |
Windows Canonical Display Driver Information Disclosure Vulnerability Published: November 11, 2020; 2:15:15 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
| CVE-2020-16937 |
<p>An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.</p> <p>To exploit the vulnerability, an authenticated attacker would need to run a specially crafted application.</p> <p>The update addresses the vulnerability by correcting how the .NET Framework handles objects in memory.</p> Published: October 16, 2020; 7:15:15 PM -0400 |
V3.1: 4.7 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2020-16902 |
<p>An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.</p> <p>A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation.</p> Published: October 16, 2020; 7:15:13 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
| CVE-2020-16900 |
<p>An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p> <p>The security update addresses the vulnerability by correcting how the Windows Event System handles objects in memory.</p> Published: October 16, 2020; 7:15:13 PM -0400 |
V3.1: 7.0 HIGH V2.0: 4.6 MEDIUM |
| CVE-2020-1584 |
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory. Published: August 17, 2020; 3:15:21 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
| CVE-2020-1476 |
An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server. The update addresses the vulnerability by changing how ASP.NET and .NET handle requests. Published: August 17, 2020; 3:15:15 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2020-1437 |
An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of Privilege Vulnerability'. Published: July 14, 2020; 7:15:19 PM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
| CVE-2020-1436 |
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'. Published: July 14, 2020; 7:15:19 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2020-1435 |
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. Published: July 14, 2020; 7:15:19 PM -0400 |
V3.1: 8.8 HIGH V2.0: 9.3 HIGH |
| CVE-2020-1147 |
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. Published: July 14, 2020; 7:15:12 PM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2020-0907 |
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. Published: April 15, 2020; 11:15:14 AM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
| CVE-2020-0774 |
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0874, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882. Published: March 12, 2020; 12:15:14 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2020-0645 |
A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka 'Microsoft IIS Server Tampering Vulnerability'. Published: March 12, 2020; 12:15:13 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2019-1339 |
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342. Published: October 10, 2019; 10:15:17 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
| CVE-2019-1178 |
An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186. Published: August 14, 2019; 5:15:16 PM -0400 |
V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
| CVE-2019-1152 |
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151. Published: August 14, 2019; 5:15:15 PM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |