Windows Server 2019
by Microsoft
CVEs (3,629)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-21972 | 0.04 | — | 0.81 | May 10, 2022 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||
| CVE-2022-24500 | 0.04 | — | 0.39 | Apr 15, 2022 | Windows SMB Remote Code Execution Vulnerability | |||
| CVE-2021-28476 | 0.04 | — | 0.38 | May 11, 2021 | Windows Hyper-V Remote Code Execution Vulnerability | |||
| CVE-2021-24086 | 0.04 | — | 0.59 | Feb 25, 2021 | Windows TCP/IP Denial of Service Vulnerability | |||
| CVE-2019-1184 | 0.04 | — | 0.70 | Aug 14, 2019 | An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. To… | |||
| CVE-2019-0573 | 0.04 | — | 0.20 | Jan 8, 2019 | An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10… | |||
| CVE-2019-0571 | 0.04 | — | 0.16 | Jan 8, 2019 | An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10… | |||
| CVE-2018-8476 | 0.04 | — | 0.63 | Nov 14, 2018 | A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows… | |||
| CVE-2026-21244 | 0.03 | — | 0.01 | Feb 10, 2026 | Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. | |||
| CVE-2026-21248 | 0.03 | — | 0.01 | Feb 10, 2026 | Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. | |||
| CVE-2025-59254 | 0.03 | — | 0.01 | Oct 14, 2025 | Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-53722 | 0.03 | — | 0.17 | Aug 12, 2025 | Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-50172 | 0.03 | — | 0.01 | Aug 12, 2025 | Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network. | |||
| CVE-2025-49744 | 0.03 | — | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-49730 | 0.03 | — | 0.01 | Jul 8, 2025 | Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-49683 | 0.03 | — | 0.02 | Jul 8, 2025 | Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-49716 | 0.03 | — | 0.01 | Jul 8, 2025 | Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-33068 | 0.03 | — | 0.01 | Jun 10, 2025 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-26677 | 0.03 | — | 0.01 | May 13, 2025 | Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-21420 | 0.03 | — | 0.03 | Feb 11, 2025 | Windows Disk Cleanup Tool Elevation of Privilege Vulnerability |
- CVE-2022-21972May 10, 2022risk 0.04cvss —epss 0.81
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2022-24500Apr 15, 2022risk 0.04cvss —epss 0.39
Windows SMB Remote Code Execution Vulnerability
- CVE-2021-28476May 11, 2021risk 0.04cvss —epss 0.38
Windows Hyper-V Remote Code Execution Vulnerability
- CVE-2021-24086Feb 25, 2021risk 0.04cvss —epss 0.59
Windows TCP/IP Denial of Service Vulnerability
- CVE-2019-1184Aug 14, 2019risk 0.04cvss —epss 0.70
An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. To…
- CVE-2019-0573Jan 8, 2019risk 0.04cvss —epss 0.20
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10…
- CVE-2019-0571Jan 8, 2019risk 0.04cvss —epss 0.16
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10…
- CVE-2018-8476Nov 14, 2018risk 0.04cvss —epss 0.63
A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows…
- CVE-2026-21244Feb 10, 2026risk 0.03cvss —epss 0.01
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
- CVE-2026-21248Feb 10, 2026risk 0.03cvss —epss 0.01
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
- CVE-2025-59254Oct 14, 2025risk 0.03cvss —epss 0.01
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- CVE-2025-53722Aug 12, 2025risk 0.03cvss —epss 0.17
Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.
- CVE-2025-50172Aug 12, 2025risk 0.03cvss —epss 0.01
Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network.
- CVE-2025-49744Jul 8, 2025risk 0.03cvss —epss 0.01
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- CVE-2025-49730Jul 8, 2025risk 0.03cvss —epss 0.01
Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.
- CVE-2025-49683Jul 8, 2025risk 0.03cvss —epss 0.02
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.
- CVE-2025-49716Jul 8, 2025risk 0.03cvss —epss 0.01
Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.
- CVE-2025-33068Jun 10, 2025risk 0.03cvss —epss 0.01
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
- CVE-2025-26677May 13, 2025risk 0.03cvss —epss 0.01
Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.
- CVE-2025-21420Feb 11, 2025risk 0.03cvss —epss 0.03
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
Page 23 of 182