Windows Server 2019
by Microsoft
CVEs (3,629)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-29832 | 0.00 | — | 0.01 | May 13, 2025 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2025-29831 | 0.00 | — | 0.01 | May 13, 2025 | Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-29830 | 0.00 | — | 0.01 | May 13, 2025 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2025-29829 | 0.00 | — | 0.00 | May 13, 2025 | Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally. | |||
| CVE-2025-27488 | 0.00 | — | 0.00 | May 13, 2025 | Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-30394 | 0.00 | — | 0.21 | May 13, 2025 | Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-27468 | 0.00 | — | 0.00 | May 13, 2025 | Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-29969 | 0.00 | — | 0.01 | May 13, 2025 | Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network. | |||
| CVE-2025-29967 | 0.00 | — | 0.01 | May 13, 2025 | Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-29966 | 0.00 | — | 0.01 | May 13, 2025 | Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-29964 | 0.00 | — | 0.01 | May 13, 2025 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-29960 | 0.00 | — | 0.01 | May 13, 2025 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2025-29959 | 0.00 | — | 0.01 | May 13, 2025 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2025-24060 | 0.00 | — | 0.01 | Apr 8, 2025 | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-29810 | 0.00 | — | 0.02 | Apr 8, 2025 | Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2025-29809 | 0.00 | — | 0.04 | Apr 8, 2025 | Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. | |||
| CVE-2025-27739 | 0.00 | — | 0.01 | Apr 8, 2025 | Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-27738 | 0.00 | — | 0.03 | Apr 8, 2025 | Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. | |||
| CVE-2025-27737 | 0.00 | — | 0.01 | Apr 8, 2025 | Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally. | |||
| CVE-2025-27736 | 0.00 | — | 0.01 | Apr 8, 2025 | Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally. |
- CVE-2025-29832May 13, 2025risk 0.00cvss —epss 0.01
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-29831May 13, 2025risk 0.00cvss —epss 0.01
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
- CVE-2025-29830May 13, 2025risk 0.00cvss —epss 0.01
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-29829May 13, 2025risk 0.00cvss —epss 0.00
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.
- CVE-2025-27488May 13, 2025risk 0.00cvss —epss 0.00
Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.
- CVE-2025-30394May 13, 2025risk 0.00cvss —epss 0.21
Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.
- CVE-2025-27468May 13, 2025risk 0.00cvss —epss 0.00
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.
- CVE-2025-29969May 13, 2025risk 0.00cvss —epss 0.01
Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.
- CVE-2025-29967May 13, 2025risk 0.00cvss —epss 0.01
Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
- CVE-2025-29966May 13, 2025risk 0.00cvss —epss 0.01
Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
- CVE-2025-29964May 13, 2025risk 0.00cvss —epss 0.01
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
- CVE-2025-29960May 13, 2025risk 0.00cvss —epss 0.01
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-29959May 13, 2025risk 0.00cvss —epss 0.01
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-24060Apr 8, 2025risk 0.00cvss —epss 0.01
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- CVE-2025-29810Apr 8, 2025risk 0.00cvss —epss 0.02
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
- CVE-2025-29809Apr 8, 2025risk 0.00cvss —epss 0.04
Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.
- CVE-2025-27739Apr 8, 2025risk 0.00cvss —epss 0.01
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2025-27738Apr 8, 2025risk 0.00cvss —epss 0.03
Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.
- CVE-2025-27737Apr 8, 2025risk 0.00cvss —epss 0.01
Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally.
- CVE-2025-27736Apr 8, 2025risk 0.00cvss —epss 0.01
Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.
Page 149 of 182