本頁列出影響 microsoft windows_server_2008 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-20940 | Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | [email protected] | 7.8 | 0.05% | 2026-01-13 | 2026-01-16 |
| CVE-2026-20936 | Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack. | [email protected] | 4.3 | 0.05% | 2026-01-13 | 2026-01-16 |
| CVE-2026-20931 | External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network. | [email protected] | 8.0 | 0.38% | 2026-01-13 | 2026-05-26 |
| CVE-2026-20929 | Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network. | [email protected] | 7.5 | 0.07% | 2026-01-13 | 2026-01-16 |
| CVE-2026-20927 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to deny service over a network. | [email protected] | 5.3 | 0.05% | 2026-01-13 | 2026-01-16 |
| CVE-2026-20925 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | [email protected] | 6.5 | 0.16% | 2026-01-13 | 2026-01-16 |
| CVE-2026-20922 | Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. | [email protected] | 7.8 | 0.02% | 2026-01-13 | 2026-01-15 |
| CVE-2026-20921 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | [email protected] | 7.5 | 0.05% | 2026-01-13 | 2026-05-26 |
| CVE-2026-20875 | Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. | [email protected] | 7.5 | 0.08% | 2026-01-13 | 2026-01-15 |
| CVE-2026-20872 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | [email protected] | 6.5 | 0.08% | 2026-01-13 | 2026-03-27 |
| CVE-2026-20869 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally. | [email protected] | 7.0 | 0.04% | 2026-01-13 | 2026-01-15 |
| CVE-2026-20868 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | [email protected] | 8.8 | 0.21% | 2026-01-13 | 2026-02-10 |
| CVE-2026-20860 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | [email protected] | 7.8 | 0.47% | 2026-01-13 | 2026-01-15 |
| CVE-2026-20849 | Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network. | [email protected] | 7.5 | 0.08% | 2026-01-13 | 2026-01-15 |
| CVE-2026-20847 | Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network. | [email protected] | 6.5 | 0.18% | 2026-01-13 | 2026-01-15 |
| CVE-2026-20843 | Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. | [email protected] | 7.8 | 0.03% | 2026-01-13 | 2026-01-15 |
| CVE-2026-20840 | Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. | [email protected] | 7.8 | 0.02% | 2026-01-13 | 2026-01-15 |
| CVE-2026-20839 | Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally. | [email protected] | 5.5 | 0.05% | 2026-01-13 | 2026-01-15 |
| CVE-2026-20834 | Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack. | [email protected] | 4.6 | 0.12% | 2026-01-13 | 2026-01-15 |
| CVE-2026-20833 | Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally. | [email protected] | 5.5 | 0.02% | 2026-01-13 | 2026-01-15 |