Windows Server 2019
by Microsoft
CVEs (3,629)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-8453 | Hig | 0.77 | 7.8 | 0.70 | KEV | Oct 10, 2018 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server… | |
| CVE-2023-38545 | Cri | 0.66 | 9.8 | 0.78 | Oct 18, 2023 | This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255… | ||
| CVE-2023-44487 | Hig | 0.65 | 7.5 | 1.00 | KEV | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | |
| CVE-2026-47291 | Cri | 0.64 | 9.8 | 0.22 | Jun 9, 2026 | Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-44815 | Cri | 0.64 | 9.8 | 0.01 | Jun 9, 2026 | Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-41089 | Cri | 0.64 | 9.8 | 0.72 | May 12, 2026 | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-33824 | Cri | 0.64 | 9.8 | 0.56 | Apr 14, 2026 | Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-60724 | Cri | 0.64 | 9.8 | 0.06 | Nov 11, 2025 | Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-53766 | Cri | 0.64 | 9.8 | 0.07 | Aug 12, 2025 | Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. | ||
| CVE-2023-36424 | Hig | 0.63 | 7.8 | 0.12 | KEV | Nov 14, 2023 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | |
| CVE-2026-45602 | Cri | 0.59 | 9.1 | 0.00 | Jun 9, 2026 | No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network. | ||
| CVE-2018-8494 | Hig | 0.59 | 8.8 | 0.22 | Oct 10, 2018 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019,… | ||
| CVE-2024-43455 | Hig | 0.58 | 8.8 | 0.02 | Sep 10, 2024 | Windows Remote Desktop Licensing Service Spoofing Vulnerability | ||
| CVE-2026-47653 | Hig | 0.57 | 8.8 | 0.01 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-47289 | Hig | 0.57 | 8.8 | 0.01 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-42985 | Hig | 0.57 | 8.8 | 0.01 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-40403 | Hig | 0.57 | 8.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | ||
| CVE-2026-34329 | Hig | 0.57 | 8.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network. | ||
| CVE-2026-32225 | Hig | 0.57 | 8.8 | 0.01 | Apr 14, 2026 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2026-32157 | Hig | 0.57 | 8.8 | 0.01 | Apr 14, 2026 | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
- risk 0.77cvss 7.8epss 0.70
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server…
- risk 0.66cvss 9.8epss 0.78
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255…
- risk 0.65cvss 7.5epss 1.00
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- risk 0.64cvss 9.8epss 0.22
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
- risk 0.64cvss 9.8epss 0.01
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
- risk 0.64cvss 9.8epss 0.72
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
- risk 0.64cvss 9.8epss 0.56
Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.
- risk 0.64cvss 9.8epss 0.06
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
- risk 0.64cvss 9.8epss 0.07
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
- risk 0.63cvss 7.8epss 0.12
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- risk 0.59cvss 9.1epss 0.00
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
- risk 0.59cvss 8.8epss 0.22
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019,…
- risk 0.58cvss 8.8epss 0.02
Windows Remote Desktop Licensing Service Spoofing Vulnerability
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.00
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
- risk 0.57cvss 8.8epss 0.00
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
- risk 0.57cvss 8.8epss 0.01
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.57cvss 8.8epss 0.01
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Page 1 of 182