Windows Server 2019 Security Vulnerabilities and Issues — Page 6 of Windows Server 2019 CVE List

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extrem...

6.4CVSS7.6AI score0.00033EPSS

CVE•added 2023/02/28 7:15 p.m.•323 views

CVE-2023-1017

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process o...

7.8CVSS7.7AI score0.00187EPSS

CVE•added 2022/10/11 7:15 p.m.•322 views

CVE-2022-38028

Windows Print Spooler Elevation of Privilege Vulnerability

7.8CVSS8.3AI score0.03323EPSS

In wild

CVE•added 2021/01/12 8:15 p.m.•321 views

CVE-2021-1648

Microsoft splwow64 Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.00979EPSS

In wild

CVE•added 2023/03/14 5:15 p.m.•321 views

CVE-2023-21708

Remote Procedure Call Runtime Remote Code Execution Vulnerability

9.8CVSS9.7AI score0.04719EPSS

CVE•added 2025/01/14 6:15 p.m.•321 views

CVE-2025-21189

MapUrlToZone Security Feature Bypass Vulnerability

4.3CVSS4.6AI score0.00189EPSS

CVE•added 2020/06/09 8:15 p.m.•320 views

CVE-2020-1269

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020...

7.8CVSS7.7AI score0.17136EPSS

In wild

CVE•added 2021/06/08 11:15 p.m.•320 views

CVE-2021-26414

Windows DCOM Server Security Feature Bypass

6.5CVSS6.9AI score0.14238EPSS

CVE•added 2022/09/13 7:15 p.m.•313 views

CVE-2022-34721

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

9.8CVSS9.7AI score0.26867EPSS

In wild

CVE•added 2022/04/15 7:15 p.m.•310 views

CVE-2022-24490

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability

8.1CVSS6.8AI score0.15202EPSS

CVE•added 2025/02/11 6:15 p.m.•310 views

CVE-2025-21418

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

7.8CVSS8.2AI score0.04314EPSS

In wild

CVE•added 2022/08/09 8:15 p.m.•309 views

CVE-2022-30133

Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability

9.8CVSS9.6AI score0.17199EPSS

CVE•added 2023/11/14 6:15 p.m.•307 views

CVE-2023-36705

Windows Installer Elevation of Privilege Vulnerability

7.8CVSS8.6AI score0.00162EPSS

CVE•added 2021/07/14 6:15 p.m.•306 views

CVE-2021-34514

Windows Kernel Elevation of Privilege Vulnerability

7.8CVSS8.2AI score0.00403EPSS

In wild

CVE•added 2024/05/14 5:17 p.m.•305 views

CVE-2024-30040

Windows MSHTML Platform Security Feature Bypass Vulnerability

8.8CVSS6.3AI score0.51138EPSS

In wild

CVE•added 2025/06/10 5:22 p.m.•304 views

CVE-2025-33065

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00056EPSS

CVE•added 2025/06/10 5:22 p.m.•300 views

CVE-2025-33052

Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.

5.5CVSS5.3AI score0.00144EPSS

CVE•added 2018/12/12 12:29 a.m.•298 views

CVE-2018-8641

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Wind...

7.8CVSS8.5AI score0.28596EPSS

In wild

CVE•added 2023/11/28 7:15 a.m.•298 views

CVE-2023-24023

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.

6.8CVSS6.8AI score0.00176EPSS

CVE•added 2022/07/12 11:15 p.m.•297 views

CVE-2022-22049

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

7.8CVSS8.2AI score0.00235EPSS

In wild

CVE•added 2023/05/09 6:15 p.m.•297 views

CVE-2023-24943

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

9.8CVSS9.6AI score0.01302EPSS

CVE•added 2025/03/11 5:16 p.m.•296 views

CVE-2025-24054

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS6.5AI score0.28518EPSS

In wild

CVE•added 2020/07/29 6:15 p.m.•294 views

CVE-2020-15706

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 ...

6.4CVSS7.7AI score0.00064EPSS

CVE•added 2024/03/12 5:15 p.m.•294 views

CVE-2024-21408

Windows Hyper-V Denial of Service Vulnerability

5.5CVSS6.8AI score0.00478EPSS

CVE•added 2020/07/29 6:15 p.m.•293 views

CVE-2020-15705

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. Thi...

6.4CVSS7.1AI score0.00024EPSS

CVE•added 2021/07/16 9:15 p.m.•293 views

CVE-2021-34458

Windows Kernel Remote Code Execution Vulnerability

9.9CVSS9.4AI score0.01265EPSS

CVE•added 2023/11/14 6:15 p.m.•292 views

CVE-2023-36394

Windows Search Service Elevation of Privilege Vulnerability

7CVSS8.1AI score0.01054EPSS

CVE•added 2019/08/14 9:15 p.m.•288 views

CVE-2019-1182

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. A...

10CVSS9.7AI score0.09129EPSS

In wild

CVE•added 2019/04/09 9:29 p.m.•287 views

CVE-2019-0685

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0803, CVE-2019-0859.

7.8CVSS8.2AI score0.78606EPSS

In wild

CVE•added 2022/03/09 5:15 p.m.•287 views

CVE-2022-24505

Windows ALPC Elevation of Privilege Vulnerability

7CVSS7.6AI score0.00118EPSS

CVE•added 2018/12/12 12:29 a.m.•286 views

CVE-2018-8639

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server...

8.4CVSS8.5AI score0.28596EPSS

In wild

CVE•added 2021/09/15 12:15 p.m.•284 views

CVE-2021-38633

Windows Common Log File System Driver Elevation of Privilege Vulnerability

7.8CVSS8AI score0.00426EPSS

In wild

CVE•added 2022/09/13 7:15 p.m.•282 views

CVE-2022-30170

Windows Credential Roaming Service Elevation of Privilege Vulnerability

7.3CVSS8.3AI score0.00913EPSS

In wild