Windows Server 2019
by Microsoft
CVEs (3,629)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28252 | 0.26 | — | 0.49 | KEV | Apr 11, 2023 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||
| CVE-2021-42287 | 0.26 | — | 0.74 | KEV | Nov 10, 2021 | Active Directory Domain Services Elevation of Privilege Vulnerability | ||
| CVE-2021-42278 | 0.26 | — | 0.70 | KEV | Nov 10, 2021 | Active Directory Domain Services Elevation of Privilege Vulnerability | ||
| CVE-2026-45642 | Low | 0.25 | 3.9 | 0.00 | Jun 9, 2026 | Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack. | ||
| CVE-2025-26633 | 0.25 | — | 0.32 | KEV | Mar 11, 2025 | Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. | ||
| CVE-2024-30088 | 0.25 | — | 0.68 | KEV | Jun 11, 2024 | Windows Kernel Elevation of Privilege Vulnerability | ||
| CVE-2023-36884 | 0.25 | — | 0.99 | KEV | Jul 11, 2023 | Windows Search Remote Code Execution Vulnerability | ||
| CVE-2023-24880 | 0.24 | — | 0.78 | KEV | Mar 14, 2023 | Windows SmartScreen Security Feature Bypass Vulnerability | ||
| CVE-2024-49039 | 0.23 | — | 0.14 | KEV | Nov 12, 2024 | Windows Task Scheduler Elevation of Privilege Vulnerability | ||
| CVE-2022-44698 | 0.23 | — | 0.76 | KEV | Dec 13, 2022 | Windows SmartScreen Security Feature Bypass Vulnerability | ||
| CVE-2020-24588 | Low | 0.23 | 3.5 | 0.04 | May 11, 2021 | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is… | ||
| CVE-2024-49138 | 0.22 | — | 0.25 | KEV | Dec 10, 2024 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||
| CVE-2024-30051 | 0.22 | — | 0.06 | KEV | May 14, 2024 | Windows DWM Core Library Elevation of Privilege Vulnerability | ||
| CVE-2022-26923 | 0.22 | — | 0.83 | KEV | May 10, 2022 | Active Directory Domain Services Elevation of Privilege Vulnerability | ||
| CVE-2022-21882 | 0.22 | — | 0.56 | KEV | Jan 11, 2022 | Win32k Elevation of Privilege Vulnerability | ||
| CVE-2025-59287 | 0.21 | — | 1.00 | KEV | Oct 14, 2025 | Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network. | ||
| CVE-2024-38193 | 0.21 | — | 0.28 | KEV | Aug 13, 2024 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||
| CVE-2024-26169 | 0.21 | — | 0.04 | KEV | Mar 12, 2024 | Windows Error Reporting Service Elevation of Privilege Vulnerability | ||
| CVE-2023-36874 | 0.21 | — | 0.32 | KEV | Jul 11, 2023 | Windows Error Reporting Service Elevation of Privilege Vulnerability | ||
| CVE-2019-1069 | 0.21 | — | 0.06 | KEV | Jun 12, 2019 | An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would… |
- risk 0.26cvss —epss 0.49
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- risk 0.26cvss —epss 0.74
Active Directory Domain Services Elevation of Privilege Vulnerability
- risk 0.26cvss —epss 0.70
Active Directory Domain Services Elevation of Privilege Vulnerability
- risk 0.25cvss 3.9epss 0.00
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.
- risk 0.25cvss —epss 0.32
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
- risk 0.25cvss —epss 0.68
Windows Kernel Elevation of Privilege Vulnerability
- risk 0.25cvss —epss 0.99
Windows Search Remote Code Execution Vulnerability
- risk 0.24cvss —epss 0.78
Windows SmartScreen Security Feature Bypass Vulnerability
- risk 0.23cvss —epss 0.14
Windows Task Scheduler Elevation of Privilege Vulnerability
- risk 0.23cvss —epss 0.76
Windows SmartScreen Security Feature Bypass Vulnerability
- risk 0.23cvss 3.5epss 0.04
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is…
- risk 0.22cvss —epss 0.25
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- risk 0.22cvss —epss 0.06
Windows DWM Core Library Elevation of Privilege Vulnerability
- risk 0.22cvss —epss 0.83
Active Directory Domain Services Elevation of Privilege Vulnerability
- risk 0.22cvss —epss 0.56
Win32k Elevation of Privilege Vulnerability
- risk 0.21cvss —epss 1.00
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
- risk 0.21cvss —epss 0.28
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- risk 0.21cvss —epss 0.04
Windows Error Reporting Service Elevation of Privilege Vulnerability
- risk 0.21cvss —epss 0.32
Windows Error Reporting Service Elevation of Privilege Vulnerability
- risk 0.21cvss —epss 0.06
An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would…
Page 15 of 182