Windows Server 2019
by Microsoft
CVEs (3,628)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-48563 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-47654 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-44801 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-42992 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-42909 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-40406 | Hig | 0.49 | 7.5 | 0.01 | May 12, 2026 | Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-35424 | Hig | 0.49 | 7.5 | 0.01 | May 12, 2026 | Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network. | ||
| CVE-2026-32071 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2026 | Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. | ||
| CVE-2026-26154 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2026 | Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network. | ||
| CVE-2026-20921 | Hig | 0.49 | 7.5 | 0.01 | Jan 13, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-60704 | Hig | 0.49 | 7.5 | 0.00 | Nov 11, 2025 | Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2025-59502 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2025 | Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network. | ||
| CVE-2025-58726 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2025 | Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-55326 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2025 | Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-54919 | Hig | 0.49 | 7.5 | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | ||
| CVE-2025-55231 | Hig | 0.49 | 7.5 | 0.00 | Aug 21, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-49744 | Hig | 0.49 | 7.0 | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49716 | Hig | 0.49 | 7.5 | 0.01 | Jul 8, 2025 | Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network. | ||
| CVE-2025-48814 | Hig | 0.49 | 7.5 | 0.01 | Jul 8, 2025 | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2025-33068 | Hig | 0.49 | 7.5 | 0.01 | Jun 10, 2025 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. |
- risk 0.49cvss 7.5epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.00
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.00
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.00
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.01
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
- risk 0.49cvss 7.5epss 0.01
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
- risk 0.49cvss 7.5epss 0.01
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
- risk 0.49cvss 7.5epss 0.01
Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.
- risk 0.49cvss 7.5epss 0.01
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
- risk 0.49cvss 7.5epss 0.00
Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.
- risk 0.49cvss 7.5epss 0.01
Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.
- risk 0.49cvss 7.5epss 0.01
Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
- risk 0.49cvss 7.5epss 0.01
Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
- risk 0.49cvss 7.5epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.0epss 0.01
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- risk 0.49cvss 7.5epss 0.01
Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.
- risk 0.49cvss 7.5epss 0.01
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.49cvss 7.5epss 0.01
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
Page 94 of 182