Windows Server 2019
by Microsoft
CVEs (3,629)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35423 | Med | 0.35 | 5.4 | 0.01 | May 12, 2026 | Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2018-8492 | Med | 0.35 | 5.3 | 0.02 | Oct 10, 2018 | A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10,… | ||
| CVE-2026-45655 | Med | 0.34 | 5.3 | 0.00 | Jun 9, 2026 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2026-42914 | Med | 0.34 | 5.3 | 0.01 | Jun 9, 2026 | Windows Kerberos Denial of Service Vulnerability | ||
| CVE-2026-33829 | Med | 0.31 | 4.3 | 0.03 | Apr 14, 2026 | Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2026-26175 | Med | 0.30 | 4.6 | 0.00 | Apr 14, 2026 | Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2026-20928 | Med | 0.30 | 4.6 | 0.00 | Apr 14, 2026 | Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2026-32209 | Med | 0.29 | 4.4 | 0.00 | May 12, 2026 | Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2021-40444 | 0.29 | — | 0.97 | KEV | Sep 15, 2021 | Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker… | ||
| CVE-2021-34527 | 0.29 | — | 1.00 | KEV | Jul 2, 2021 | A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install… | ||
| CVE-2021-1675 | 0.29 | — | 0.86 | KEV | Jun 8, 2021 | Windows Print Spooler Remote Code Execution Vulnerability | ||
| CVE-2020-1472 | 0.29 | — | 1.00 | KEV | Aug 17, 2020 | An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially… | ||
| CVE-2022-30190 | 0.28 | — | 0.99 | KEV | Jun 1, 2022 | A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then… | ||
| CVE-2021-40449 | 0.28 | — | 0.73 | KEV | Oct 13, 2021 | Win32k Elevation of Privilege Vulnerability | ||
| CVE-2021-36942 | 0.28 | — | 0.66 | KEV | Aug 12, 2021 | Windows LSA Spoofing Vulnerability | ||
| CVE-2021-1732 | 0.28 | — | 0.78 | KEV | Feb 25, 2021 | Windows Win32k Elevation of Privilege Vulnerability | ||
| CVE-2018-8320 | Med | 0.28 | 4.3 | 0.05 | Oct 10, 2018 | A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008… | ||
| CVE-2024-21338 | 0.27 | — | 0.52 | KEV | Feb 13, 2024 | Windows Kernel Elevation of Privilege Vulnerability | ||
| CVE-2022-21999 | 0.27 | — | 0.42 | KEV | Feb 9, 2022 | Windows Print Spooler Elevation of Privilege Vulnerability | ||
| CVE-2024-21412 | 0.26 | — | 0.95 | KEV | Feb 13, 2024 | Internet Shortcut Files Security Feature Bypass Vulnerability |
- risk 0.35cvss 5.4epss 0.01
Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.
- risk 0.35cvss 5.3epss 0.02
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10,…
- risk 0.34cvss 5.3epss 0.00
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.34cvss 5.3epss 0.01
Windows Kerberos Denial of Service Vulnerability
- risk 0.31cvss 4.3epss 0.03
Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.
- risk 0.30cvss 4.6epss 0.00
Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.30cvss 4.6epss 0.00
Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.29cvss 4.4epss 0.00
Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.
- risk 0.29cvss —epss 0.97
Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker…
- risk 0.29cvss —epss 1.00
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install…
- risk 0.29cvss —epss 0.86
Windows Print Spooler Remote Code Execution Vulnerability
- risk 0.29cvss —epss 1.00
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially…
- risk 0.28cvss —epss 0.99
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then…
- risk 0.28cvss —epss 0.73
Win32k Elevation of Privilege Vulnerability
- risk 0.28cvss —epss 0.66
Windows LSA Spoofing Vulnerability
- risk 0.28cvss —epss 0.78
Windows Win32k Elevation of Privilege Vulnerability
- risk 0.28cvss 4.3epss 0.05
A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008…
- risk 0.27cvss —epss 0.52
Windows Kernel Elevation of Privilege Vulnerability
- risk 0.27cvss —epss 0.42
Windows Print Spooler Elevation of Privilege Vulnerability
- risk 0.26cvss —epss 0.95
Internet Shortcut Files Security Feature Bypass Vulnerability
Page 14 of 182