Windows Server 2019
by Microsoft
CVEs (3,628)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-1013 | Hig | 0.49 | 7.5 | 0.06 | Sep 11, 2020 | An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine. To… | ||
| CVE-2020-0908 | Hig | 0.49 | 7.5 | 0.03 | Sep 11, 2020 | A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. An attacker who successfully exploited the vulnerability could gain execution on a victim system. An attacker could host a specially crafted website that is… | ||
| CVE-2020-0836 | Hig | 0.49 | 7.5 | 0.05 | Sep 11, 2020 | A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker… | ||
| CVE-2020-1565 | Hig | 0.49 | 7.5 | 0.03 | Aug 17, 2020 | An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted… | ||
| CVE-2020-1378 | Hig | 0.49 | 7.5 | 0.04 | Aug 17, 2020 | An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit… | ||
| CVE-2019-1255 | Hig | 0.49 | 7.5 | 0.04 | Sep 23, 2019 | A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'. | ||
| CVE-2019-1224 | Hig | 0.49 | 7.5 | 0.08 | Aug 14, 2019 | An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an… | ||
| CVE-2019-1223 | Hig | 0.49 | 7.5 | 0.05 | Aug 14, 2019 | A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to… | ||
| CVE-2019-1206 | Hig | 0.49 | 7.5 | 0.05 | Aug 14, 2019 | A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could cause the DHCP service to become nonresponsive. To exploit the… | ||
| CVE-2019-1188 | Hig | 0.49 | 7.5 | 0.04 | Aug 14, 2019 | A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured… | ||
| CVE-2019-1057 | Hig | 0.49 | 7.5 | 0.03 | Aug 14, 2019 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability,… | ||
| CVE-2019-0959 | Hig | 0.49 | 7.0 | 0.03 | Jun 12, 2019 | An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an… | ||
| CVE-2019-0909 | Hig | 0.49 | 7.5 | 0.04 | Jun 12, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by… | ||
| CVE-2026-40414 | Hig | 0.48 | 7.4 | 0.01 | May 12, 2026 | Windows TCP/IP Denial of Service Vulnerability | ||
| CVE-2026-40413 | Hig | 0.48 | 7.4 | 0.00 | May 12, 2026 | Windows TCP/IP Denial of Service Vulnerability | ||
| CVE-2026-32156 | Hig | 0.48 | 7.4 | 0.00 | Apr 14, 2026 | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-49690 | Hig | 0.48 | 7.4 | 0.00 | Jul 8, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2025-24991 | Med | 0.48 | 5.5 | 0.02 | KEV | Mar 11, 2025 | Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. | |
| CVE-2025-21331 | Hig | 0.48 | 7.3 | 0.01 | Jan 14, 2025 | Windows Installer Elevation of Privilege Vulnerability | ||
| CVE-2024-49107 | Hig | 0.48 | 7.3 | 0.02 | Dec 12, 2024 | WmsRepair Service Elevation of Privilege Vulnerability |
- risk 0.49cvss 7.5epss 0.06
An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine. To…
- risk 0.49cvss 7.5epss 0.03
A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. An attacker who successfully exploited the vulnerability could gain execution on a victim system. An attacker could host a specially crafted website that is…
- risk 0.49cvss 7.5epss 0.05
A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker…
- risk 0.49cvss 7.5epss 0.03
An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted…
- risk 0.49cvss 7.5epss 0.04
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit…
- risk 0.49cvss 7.5epss 0.04
A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'.
- risk 0.49cvss 7.5epss 0.08
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an…
- risk 0.49cvss 7.5epss 0.05
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to…
- risk 0.49cvss 7.5epss 0.05
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could cause the DHCP service to become nonresponsive. To exploit the…
- risk 0.49cvss 7.5epss 0.04
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured…
- risk 0.49cvss 7.5epss 0.03
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability,…
- risk 0.49cvss 7.0epss 0.03
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an…
- risk 0.49cvss 7.5epss 0.04
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by…
- risk 0.48cvss 7.4epss 0.01
Windows TCP/IP Denial of Service Vulnerability
- risk 0.48cvss 7.4epss 0.00
Windows TCP/IP Denial of Service Vulnerability
- risk 0.48cvss 7.4epss 0.00
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.
- risk 0.48cvss 7.4epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally.
- risk 0.48cvss 5.5epss 0.02
Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
- risk 0.48cvss 7.3epss 0.01
Windows Installer Elevation of Privilege Vulnerability
- risk 0.48cvss 7.3epss 0.02
WmsRepair Service Elevation of Privilege Vulnerability
Page 102 of 182