Windows Server 2019 Security Vulnerabilities and Issues — Page 3 of Windows Server 2019 CVE List

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.To exploit this vulnerability, an attacker would have to log on to an a...

5.6CVSS6.8AI score0.15102EPSS

CVE•added 2022/05/10 9:15 p.m.•583 views

CVE-2022-29130

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

9.8CVSS9.4AI score0.06808EPSS

CVE•added 2022/07/12 11:15 p.m.•576 views

CVE-2022-30209

Windows IIS Server Elevation of Privilege Vulnerability

7.4CVSS7.9AI score0.01421EPSS

CVE•added 2023/07/11 6:15 p.m.•557 views

CVE-2023-36874

Windows Error Reporting Service Elevation of Privilege Vulnerability

7.8CVSS8.7AI score0.66165EPSS

CVE•added 2024/02/13 6:15 p.m.•554 views

CVE-2024-21338

Windows Kernel Elevation of Privilege Vulnerability

7.8CVSS8.1AI score0.7979EPSS

CVE•added 2023/03/14 5:15 p.m.•553 views

CVE-2023-23415

Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability

9.8CVSS9.7AI score0.03976EPSS

CVE•added 2025/04/08 6:16 p.m.•546 views

CVE-2025-29824

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

7.8CVSS7.5AI score0.02117EPSS

CVE•added 2024/08/08 2:15 a.m.•531 views

CVE-2024-21302

Summary:As of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this vulnerab...

6.7CVSS5.8AI score0.00598EPSS

CVE•added 2024/02/13 6:15 p.m.•525 views

CVE-2024-21412

Internet Shortcut Files Security Feature Bypass Vulnerability

8.1CVSS8.3AI score0.93777EPSS

CVE•added 2021/05/11 8:15 p.m.•521 views

CVE-2020-24588

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802...

3.5CVSS6.4AI score0.00848EPSS

CVE•added 2023/09/12 5:15 p.m.•515 views

CVE-2023-38162

DHCP Server Service Denial of Service Vulnerability

7.5CVSS7.5AI score0.0689EPSS

CVE•added 2023/09/12 5:15 p.m.•501 views

CVE-2023-38144

Windows Common Log File System Driver Elevation of Privilege Vulnerability

7.8CVSS7.8AI score0.01242EPSS

CVE•added 2023/07/11 6:15 p.m.•496 views

CVE-2023-32049

Windows SmartScreen Security Feature Bypass Vulnerability

8.8CVSS9.3AI score0.11974EPSS

CVE•added 2023/09/12 5:15 p.m.•492 views

CVE-2023-36801

DHCP Server Service Information Disclosure Vulnerability

5.3CVSS6AI score0.00248EPSS

CVE•added 2024/11/12 6:15 p.m.•492 views

CVE-2024-38203

Windows Package Library Manager Information Disclosure Vulnerability

6.2CVSS5.8AI score0.00125EPSS

CVE•added 2023/07/11 6:15 p.m.•481 views

CVE-2023-32046

Windows MSHTML Platform Elevation of Privilege Vulnerability

7.8CVSS8.7AI score0.797EPSS

CVE•added 2022/06/14 10:15 p.m.•471 views

CVE-2022-32230

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most ...

7.8CVSS7.5AI score0.04085EPSS

CVE•added 2023/09/12 5:15 p.m.•470 views

CVE-2023-38161

Windows GDI Elevation of Privilege Vulnerability

7.8CVSS7.8AI score0.00071EPSS

CVE•added 2022/11/09 10:15 p.m.•462 views

CVE-2022-37967

Windows Kerberos Elevation of Privilege Vulnerability

7.2CVSS7.9AI score0.02202EPSS

CVE•added 2023/09/12 5:15 p.m.•460 views

CVE-2023-38149

Windows TCP/IP Denial of Service Vulnerability

7.5CVSS7.9AI score0.05411EPSS

CVE•added 2023/11/14 6:15 p.m.•459 views

CVE-2023-36025

Windows SmartScreen Security Feature Bypass Vulnerability

8.8CVSS9.5AI score0.90662EPSS

CVE•added 2023/04/11 9:15 p.m.•457 views

CVE-2023-28229

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

7CVSS7AI score0.07065EPSS

CVE•added 2024/07/09 5:15 p.m.•456 views

CVE-2024-38077

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

9.8CVSS9.6AI score0.8355EPSS

CVE•added 2023/11/14 6:15 p.m.•453 views

CVE-2023-36033

Windows DWM Core Library Elevation of Privilege Vulnerability

7.8CVSS8.6AI score0.00197EPSS

CVE•added 2023/09/12 5:15 p.m.•453 views

CVE-2023-36804

Windows GDI Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.00071EPSS

CVE•added 2024/08/08 2:15 a.m.•453 views

CVE-2024-38202

SummaryMicrosoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attack...

7.3CVSS8.2AI score0.03533EPSS

CVE•added 2023/09/12 5:15 p.m.•449 views

CVE-2023-38143

Windows Common Log File System Driver Elevation of Privilege Vulnerability

7.8CVSS7.8AI score0.01242EPSS

CVE•added 2023/09/12 5:15 p.m.•446 views

CVE-2023-38141

Windows Kernel Elevation of Privilege Vulnerability

7.8CVSS7.8AI score0.00315EPSS

CVE•added 2020/01/14 11:15 p.m.•443 views

CVE-2020-0609

A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ...

10CVSS9.7AI score0.87813EPSS

CVE•added 2023/09/12 5:15 p.m.•443 views

CVE-2023-38152

DHCP Server Service Information Disclosure Vulnerability

5.3CVSS6AI score0.0239EPSS

CVE•added 2023/09/15 4:15 a.m.•441 views

CVE-2023-38039

When curl retrieves an HTTP response, it stores the incoming headers so thatthey can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it wouldaccept in a response, allowing a malicious server to stream an endless seriesof headers and...

7.5CVSS7.5AI score0.14467EPSS

CVE•added 2023/09/12 5:15 p.m.•441 views

CVE-2023-38140

Windows Kernel Information Disclosure Vulnerability

5.5CVSS6.5AI score0.00361EPSS

CVE•added 2023/10/10 6:15 p.m.•439 views

CVE-2023-35349

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

9.8CVSS9.6AI score0.01159EPSS

CVE•added 2023/09/12 5:15 p.m.•439 views

CVE-2023-38139

Windows Kernel Elevation of Privilege Vulnerability

7.8CVSS7.8AI score0.00584EPSS

CVE•added 2019/08/14 9:15 p.m.•438 views

CVE-2019-1181

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. A...

10CVSS9.7AI score0.73187EPSS

CVE•added 2024/12/12 2:4 a.m.•434 views

CVE-2024-49138

Windows Common Log File System Driver Elevation of Privilege Vulnerability

7.8CVSS7.5AI score0.8442EPSS

CVE•added 2023/11/14 6:15 p.m.•431 views

CVE-2023-36036

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

7.8CVSS8.7AI score0.01128EPSS

CVE•added 2024/09/10 5:15 p.m.•428 views

CVE-2024-38014

Windows Installer Elevation of Privilege Vulnerability