Windows Server 2019
by Microsoft
CVEs (3,628)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3900 | Med | 0.51 | 5.5 | 0.45 | KEV | Dec 11, 2013 | Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows… | |
| CVE-2026-27913 | Hig | 0.50 | 7.7 | 0.00 | Apr 14, 2026 | Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally. | ||
| CVE-2025-59200 | Hig | 0.50 | 7.7 | 0.01 | Oct 14, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally. | ||
| CVE-2025-53722 | Hig | 0.50 | 7.5 | 0.17 | Aug 12, 2025 | Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. | ||
| CVE-2025-47984 | Hig | 0.50 | 7.5 | 0.14 | Jul 8, 2025 | Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-29833 | Hig | 0.50 | 7.7 | 0.00 | May 13, 2025 | Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally. | ||
| CVE-2023-38162 | Hig | 0.50 | 7.5 | 0.10 | Sep 12, 2023 | DHCP Server Service Denial of Service Vulnerability | ||
| CVE-2021-40463 | Hig | 0.50 | 7.7 | 0.02 | Oct 13, 2021 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | ||
| CVE-2021-26416 | Hig | 0.50 | 7.7 | 0.04 | Apr 13, 2021 | Windows Hyper-V Denial of Service Vulnerability | ||
| CVE-2021-1692 | Hig | 0.50 | 7.7 | 0.04 | Jan 12, 2021 | Windows Hyper-V Denial of Service Vulnerability | ||
| CVE-2021-1638 | Hig | 0.50 | 7.7 | 0.01 | Jan 12, 2021 | Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that… | ||
| CVE-2020-17096 | Hig | 0.50 | 7.5 | 0.19 | Dec 10, 2020 | Windows NTFS Remote Code Execution Vulnerability | ||
| CVE-2020-16997 | Hig | 0.50 | 7.7 | 0.04 | Nov 11, 2020 | Remote Desktop Protocol Server Information Disclosure Vulnerability | ||
| CVE-2020-16899 | Hig | 0.50 | 7.5 | 0.13 | Oct 16, 2020 | A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could cause a target system to stop responding. To exploit this vulnerability, an… | ||
| CVE-2020-16896 | Hig | 0.50 | 7.5 | 0.10 | Oct 16, 2020 | An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further… | ||
| CVE-2020-1593 | Hig | 0.50 | 7.6 | 0.03 | Sep 11, 2020 | A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the… | ||
| CVE-2020-1508 | Hig | 0.50 | 7.6 | 0.03 | Sep 11, 2020 | A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the… | ||
| CVE-2019-1225 | Hig | 0.50 | 7.5 | 0.10 | Aug 14, 2019 | An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an… | ||
| CVE-2019-0965 | Hig | 0.50 | 7.6 | 0.01 | Aug 14, 2019 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating… | ||
| CVE-2019-0620 | Hig | 0.50 | 7.6 | 0.01 | Jun 12, 2019 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating… |
- risk 0.51cvss 5.5epss 0.45
Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows…
- risk 0.50cvss 7.7epss 0.00
Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.
- risk 0.50cvss 7.7epss 0.01
Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.
- risk 0.50cvss 7.5epss 0.17
Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.
- risk 0.50cvss 7.5epss 0.14
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
- risk 0.50cvss 7.7epss 0.00
Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally.
- risk 0.50cvss 7.5epss 0.10
DHCP Server Service Denial of Service Vulnerability
- risk 0.50cvss 7.7epss 0.02
Windows Network Address Translation (NAT) Denial of Service Vulnerability
- risk 0.50cvss 7.7epss 0.04
Windows Hyper-V Denial of Service Vulnerability
- risk 0.50cvss 7.7epss 0.04
Windows Hyper-V Denial of Service Vulnerability
- risk 0.50cvss 7.7epss 0.01
Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that…
- risk 0.50cvss 7.5epss 0.19
Windows NTFS Remote Code Execution Vulnerability
- risk 0.50cvss 7.7epss 0.04
Remote Desktop Protocol Server Information Disclosure Vulnerability
- risk 0.50cvss 7.5epss 0.13
A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could cause a target system to stop responding. To exploit this vulnerability, an…
- risk 0.50cvss 7.5epss 0.10
An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further…
- risk 0.50cvss 7.6epss 0.03
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the…
- risk 0.50cvss 7.6epss 0.03
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the…
- risk 0.50cvss 7.5epss 0.10
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an…
- risk 0.50cvss 7.6epss 0.01
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating…
- risk 0.50cvss 7.6epss 0.01
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating…
Page 93 of 182