Windows Server 2019
by Microsoft
CVEs (3,628)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25169 | 0.00 | — | 0.00 | Mar 10, 2026 | Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally. | |||
| CVE-2026-25168 | 0.00 | — | 0.00 | Mar 10, 2026 | Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally. | |||
| CVE-2026-25165 | 0.00 | — | 0.00 | Mar 10, 2026 | Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-24297 | 0.00 | — | 0.00 | Mar 10, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network. | |||
| CVE-2026-24296 | 0.00 | — | 0.00 | Mar 10, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-24295 | 0.00 | — | 0.00 | Mar 10, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-24294 | 0.00 | — | 0.03 | Mar 10, 2026 | Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-24292 | 0.00 | — | 0.00 | Mar 10, 2026 | Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-24291 | 0.00 | — | 0.03 | Mar 10, 2026 | Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-24290 | 0.00 | — | 0.00 | Mar 10, 2026 | Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-24289 | 0.00 | — | 0.04 | Mar 10, 2026 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-24287 | 0.00 | — | 0.00 | Mar 10, 2026 | External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-23673 | 0.00 | — | 0.00 | Mar 10, 2026 | Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-23672 | 0.00 | — | 0.00 | Mar 10, 2026 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | |||
| CVE-2026-23671 | 0.00 | — | 0.00 | Mar 10, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-23669 | 0.00 | — | 0.01 | Mar 10, 2026 | Use after free in RPC Runtime allows an authorized attacker to execute code over a network. | |||
| CVE-2026-23668 | 0.00 | — | 0.04 | Mar 10, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-20846 | 0.00 | — | 0.01 | Feb 10, 2026 | Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. | |||
| CVE-2026-21222 | 0.00 | — | 0.01 | Feb 10, 2026 | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | |||
| CVE-2026-21231 | 0.00 | — | 0.02 | Feb 10, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. |
- CVE-2026-25169Mar 10, 2026risk 0.00cvss —epss 0.00
Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.
- CVE-2026-25168Mar 10, 2026risk 0.00cvss —epss 0.00
Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.
- CVE-2026-25165Mar 10, 2026risk 0.00cvss —epss 0.00
Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally.
- CVE-2026-24297Mar 10, 2026risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2026-24296Mar 10, 2026risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally.
- CVE-2026-24295Mar 10, 2026risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally.
- CVE-2026-24294Mar 10, 2026risk 0.00cvss —epss 0.03
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.
- CVE-2026-24292Mar 10, 2026risk 0.00cvss —epss 0.00
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
- CVE-2026-24291Mar 10, 2026risk 0.00cvss —epss 0.03
Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally.
- CVE-2026-24290Mar 10, 2026risk 0.00cvss —epss 0.00
Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally.
- CVE-2026-24289Mar 10, 2026risk 0.00cvss —epss 0.04
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2026-24287Mar 10, 2026risk 0.00cvss —epss 0.00
External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2026-23673Mar 10, 2026risk 0.00cvss —epss 0.00
Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.
- CVE-2026-23672Mar 10, 2026risk 0.00cvss —epss 0.00
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
- CVE-2026-23671Mar 10, 2026risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally.
- CVE-2026-23669Mar 10, 2026risk 0.00cvss —epss 0.01
Use after free in RPC Runtime allows an authorized attacker to execute code over a network.
- CVE-2026-23668Mar 10, 2026risk 0.00cvss —epss 0.04
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- CVE-2026-20846Feb 10, 2026risk 0.00cvss —epss 0.01
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
- CVE-2026-21222Feb 10, 2026risk 0.00cvss —epss 0.01
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
- CVE-2026-21231Feb 10, 2026risk 0.00cvss —epss 0.02
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
Page 125 of 182