Windows Server 2019 Security Vulnerabilities - CVSS Score 9 - 10
A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows S...
9.8CVSS
7.7AI Score
0.223EPSS
A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests, aka "Windows DNS Server Heap Overflow Vulnerability." This affects Windows Server 2012 R2, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.
9.8CVSS
9.5AI Score
0.038EPSS
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.
9.8CVSS
9.5AI Score
0.842EPSS
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0698, CVE-2019-0726.
9.8CVSS
9.5AI Score
0.928EPSS
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0726.
9.8CVSS
9.5AI Score
0.928EPSS
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721.
9.1CVSS
9.4AI Score
0.01EPSS
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0719.
9.1CVSS
9.4AI Score
0.01EPSS
A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.
9.8CVSS
7.9AI Score
0.068EPSS
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0698.
9.8CVSS
9.5AI Score
0.928EPSS
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.
9.8CVSS
7.9AI Score
0.061EPSS
An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine, aka 'SMB Server Elevation of Privilege Vulnerability'.
9.8CVSS
8.3AI Score
0.009EPSS
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. A...
9.8CVSS
9.6AI Score
0.098EPSS
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. A...
A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding.To exploit the vulnerability, a remote unauthenticated attacker coul...
9.8CVSS
7.4AI Score
0.121EPSS
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. A...
9.8CVSS
9.6AI Score
0.098EPSS
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. A...
9.8CVSS
9.6AI Score
0.098EPSS
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\sy...
9.9CVSS
9.3AI Score
0.002EPSS
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'.
9.9CVSS
9.2AI Score
0.002EPSS
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ...
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ...
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.
9.8CVSS
9.3AI Score
0.005EPSS
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
9.9CVSS
8.5AI Score
0.002EPSS
9.8CVSS
9.5AI Score
0.035EPSS
9.8CVSS
9.5AI Score
0.035EPSS
9.8CVSS
9.5AI Score
0.035EPSS
9.8CVSS
9.6AI Score
0.035EPSS
9.8CVSS
9.5AI Score
0.035EPSS
9.9CVSS
8.7AI Score
0.022EPSS
9.8CVSS
8.7AI Score
0.052EPSS
9CVSS
9.2AI Score
0.004EPSS
9.8CVSS
9.5AI Score
0.035EPSS
9.8CVSS
9.4AI Score
0.035EPSS
9.8CVSS
9.4AI Score
0.035EPSS
9.8CVSS
9.4AI Score
0.035EPSS
9.8CVSS
9.5AI Score
0.035EPSS
9.9CVSS
9.5AI Score
0.113EPSS
9.4CVSS
8.9AI Score
0.004EPSS
9.9CVSS
9.2AI Score
0.022EPSS
9.8CVSS
9.2AI Score
0.026EPSS
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
9.8CVSS
9.5AI Score
0.031EPSS
9.8CVSS
9.5AI Score
0.031EPSS
9.8CVSS
9.4AI Score
0.031EPSS
9CVSS
8AI Score
0.0004EPSS
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
9.8CVSS
9AI Score
0.028EPSS
9.8CVSS
9.5AI Score
0.062EPSS
9.8CVSS
9.5AI Score
0.062EPSS
9.8CVSS
9.4AI Score
0.062EPSS