Microsoft Windows Server 2012 vulnerabilities
3,707 known vulnerabilities affecting microsoft/windows_server_2012.
Total CVEs
3,707
CISA KEV
148
actively exploited
Public exploits
290
Exploited in wild
141
Severity breakdown
CRITICAL157HIGH2452MEDIUM1046LOW52
Vulnerabilities
Page 119 of 186
CVE-2020-15706MEDIUMCVSS 6.4vr22020-07-29
CVE-2020-15706 [MEDIUM] CWE-362 CVE-2020-15706: GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnera
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
nvd
CVE-2020-15707MEDIUMCVSS 6.4vr22020-07-29
CVE-2020-15707 [MEDIUM] CWE-362 CVE-2020-15707: Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efili
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command
nvd
CVE-2020-15705MEDIUMCVSS 6.4vr22020-07-29
CVE-2020-15705 [MEDIUM] CWE-347 CVE-2020-15705: GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions
nvd
CVE-2020-1036CRITICALCVSS 9.0vr22020-07-14
CVE-2020-1036 [CRITICAL] CVE-2020-1036: A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to pr
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.
nvd
CVE-2020-1032CRITICALCVSS 9.0vr22020-07-14
CVE-2020-1032 [CRITICAL] CWE-20 CVE-2020-1032: A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to pr
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.
nvd
CVE-2020-1043CRITICALCVSS 9.0vr22020-07-14
CVE-2020-1043 [CRITICAL] CVE-2020-1043: A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to pr
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042.
nvd
CVE-2020-1040CRITICALCVSS 9.0KEVvr22020-07-14
CVE-2020-1040 [CRITICAL] CVE-2020-1040: A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to pr
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.
nvd
CVE-2020-1042CRITICALCVSS 9.0vr22020-07-14
CVE-2020-1042 [CRITICAL] CVE-2020-1042: A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to pr
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1043.
nvd
CVE-2020-1041CRITICALCVSS 9.0vr22020-07-14
CVE-2020-1041 [CRITICAL] CVE-2020-1041: A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to pr
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1042, CVE-2020-1043.
nvd
CVE-2020-1350CRITICALCVSS 10.0KEVvr22020-07-14
CVE-2020-1350 [CRITICAL] CWE-20 CVE-2020-1350: A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
nvd
CVE-2020-1374HIGHCVSS 7.5vr22020-07-14
CVE-2020-1374 [HIGH] CVE-2020-1374: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connec
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
nvd
CVE-2020-1396HIGHCVSS 7.8vr22020-07-14
CVE-2020-1396 [HIGH] CVE-2020-1396: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Loc
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'.
nvd
CVE-2020-1408HIGHCVSS 8.8vr22020-07-14
CVE-2020-1408 [HIGH] CWE-346 CVE-2020-1408: A remote code execution vulnerability exists when the Windows font library improperly handles specia
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'.
nvd
CVE-2020-1406HIGHCVSS 7.8vr22020-07-14
CVE-2020-1406 [HIGH] CVE-2020-1406: An elevation of privilege vulnerability exists in the way that the Windows Network List Service hand
An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'.
nvd
CVE-2020-1384HIGHCVSS 7.8vr22020-07-14
CVE-2020-1384 [HIGH] CVE-2020-1384: An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) K
An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1359.
nvd
CVE-2020-1428HIGHCVSS 7.8vr22020-07-14
CVE-2020-1428 [HIGH] CVE-2020-1428: An elevation of privilege vulnerability exists in the way that the Windows Network Connections Servi
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1438.
nvd
CVE-2020-1438HIGHCVSS 7.8vr22020-07-14
CVE-2020-1438 [HIGH] CVE-2020-1438: An elevation of privilege vulnerability exists in the way that the Windows Network Connections Servi
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428.
nvd
CVE-2020-1359HIGHCVSS 7.8vr22020-07-14
CVE-2020-1359 [HIGH] CVE-2020-1359: An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) K
An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1384.
nvd
CVE-2020-1409HIGHCVSS 7.8vr22020-07-14
CVE-2020-1409 [HIGH] CVE-2020-1409: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory,
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'.
nvd
CVE-2020-1427HIGHCVSS 7.8vr22020-07-14
CVE-2020-1427 [HIGH] CVE-2020-1427: An elevation of privilege vulnerability exists in the way that the Windows Network Connections Servi
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1428, CVE-2020-1438.
nvd