Lucene search
+L
MicrosoftWindows Server 2019*

1844 matches found

CVE
CVE
added 2024/09/10 4:53 p.m.282 views

CVE-2024-38217

CVE-2024-38217 is a security feature bypass in Microsoft Windows Mark of the Web (MOTW). The vulnerability allows bypassing MOTW protections when opening booby-trapped Office files, as discussed in multiple sources. Exploitation details are not fully disclosed in the provided documents, but the C...

5.4CVSS7.3AI score0.09756EPSS
In wild
CVE
CVE
added 2024/03/12 4:58 p.m.278 views

CVE-2024-21437

CVE-2024-21437 is a Windows Graphics Component elevation-of-privilege vulnerability (local access, low attack complexity) affecting Windows OS. Public references corroborate it as a Windows Graphics Component issue discussed among Patch Tuesday updates, highlighting it among elevated-risk vulnera...

7.8CVSS8.1AI score0.08031EPSS
CVE
CVE
added 2024/09/10 4:54 p.m.278 views

CVE-2024-30073

CVE-2024-30073 is a Windows Security Zone Mapping security feature bypass vulnerability. The public records show a CVSS v3.1 base score of 7.8 (High) with Local attack vector, low attack complexity, no privileges required, but user interaction required, and impact to confidentiality, integrity, a...

7.8CVSS8.6AI score0.00899EPSS
CVE
CVE
added 2023/11/14 5:57 p.m.277 views

CVE-2023-36424

CVE-2023-36424 is documented as a Windows kernel-level out-of-bounds read vulnerability in the Common Log File System Driver (clfs.sys) that enables privilege escalation. Connected sources describe a pool overflow/record-validation flaw in clfs.sys (Windows Kernel pool management) exploited via c...

7.8CVSS8.6AI score0.12184EPSS
In wild
CVE
CVE
added 2025/02/11 5:58 p.m.277 views

CVE-2025-21181

Technical details (affected products/versions, root cause, exploitability, fixes) for CVE-2025-21181 are not provided in the supplied documents. Please monitor official advisories for concrete technical information.

7.5CVSS7.8AI score0.03357EPSS
CVE
CVE
added 2024/03/12 4:58 p.m.275 views

CVE-2024-21427

CVE-2024-21427 is a Windows Kerberos Security Feature Bypass vulnerability. The CVSSv3.1 base score is 7.5 (High): Vector AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network exploitation with high impact to confidentiality, integrity, and availability. The attack vector is network, requiring ...

7.5CVSS7.7AI score0.01534EPSS
CVE
CVE
added 2024/04/09 5:1 p.m.274 views

CVE-2024-29056

CVE-2024-29056 is a Windows authentication elevation-of-privilege issue. Public data shows a CVSSv3.1 base score of 4.3 (Medium) with a network attack vector, low attack complexity, and requiring low privileges with no user interaction. The vulnerability’s impact is listed as obtaining increased ...

4.3CVSS6.3AI score0.01014EPSS
CVE
CVE
added 2025/03/11 4:59 p.m.271 views

CVE-2025-24984

CVE-2025-24984 is an NTFS information-disclosure vulnerability in Windows NTFS caused by insertion of sensitive data into a log file, potentially leaking heap memory when a physical medium is mounted or accessed. CVSS v3.1 vector: AV=Physical/AC=L/PR=None/UI=None/S=Unchanged/C=High/I=None/A=None;...

4.6CVSS6.1AI score0.01831EPSS
In wild
CVE
CVE
added 2024/10/08 5:35 p.m.269 views

CVE-2024-20659

CVE-2024-20659 is a Windows Hyper-V security feature bypass vulnerability. The connected records place this CVE under Windows Hyper-V with an impact described as “Circumvention of security measure” and a base assessment around High severity, indicating an attacker could bypass security features i...

7.1CVSS7.7AI score0.00915EPSS
CVE
CVE
added 2024/06/11 4:59 p.m.269 views

CVE-2024-30085

CVE-2024-30085 affects Windows Cloud Files Mini Filter Driver (cldflt.sys). The root cause is a heap-based buffer overflow (CWE-122) enabling Elevation of Privilege to SYSTEM. Public PoCs/exploit code and a private TyphoonPWN 2024 exploit chain have been reported, with exploitation demonstrations...

7.8CVSS8.6AI score0.15127EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.268 views

CVE-2024-21372

Technical details for CVE-2024-21372 are not publicly available in the provided documents. The connected items only reference the CVE among broader Windows vulnerability listings; no affected product/version, root cause, impact, or fixes are stated.

8.8CVSS9AI score0.01806EPSS
CVE
CVE
added 2024/03/12 4:58 p.m.268 views

CVE-2024-26166

Technical details about CVE-2024-26166 (affected software, root cause, impact, or fixes) are not provided in the connected documents. Please monitor for official advisories from Microsoft and CVE records for updates.

8.8CVSS8.8AI score0.02043EPSS
CVE
CVE
added 2024/08/13 5:30 p.m.268 views

CVE-2024-38107

CVE-2024-38107 is a Windows Privilege Escalation vulnerability in the Power Dependency Coordinator. Affected component: Windows Power Dependency Coordinator. Impact: local attacker with low privileges can obtain SYSTEM privileges (vector: local, no user interaction). Root cause details are not pr...

7.8CVSS7.7AI score0.01635EPSS
In wild
CVE
CVE
added 2024/08/13 5:30 p.m.268 views

CVE-2024-38118

Technical details (affected component, root cause, exploit info, patch status) for CVE-2024-38118 are not provided in the connected documents. The initial description notes LSA server information disclosure but lacks concrete specifics; monitor for updates.

5.5CVSS5.2AI score0.00629EPSS
CVE
CVE
added 2024/03/12 4:58 p.m.267 views

CVE-2024-21433

Technical details for CVE-2024-21433 are not publicly available in the provided documents. No affected products, root cause, or remediation are specified here. Monitor for updates.

7CVSS8AI score0.05138EPSS
CVE
CVE
added 2025/03/11 4:59 p.m.266 views

CVE-2025-24991

CVE-2025-24991 is an NTFS out-of-bounds read vulnerability in Windows that can disclose local information after mounting a malicious VHD. Exploitation requires local access and user interaction (per CVSS) or mounting a crafted disk image (per patch-cycle reporting). Microsoft has issued updates; ...

5.5CVSS6.5AI score0.01852EPSS
In wild
CVE
CVE
added 2024/03/12 4:58 p.m.265 views

CVE-2024-26162

CVE-2024-26162 corresponds to a remote code execution vulnerability in the Microsoft ODBC Driver. The CVSS 3.1 base metrics indicate: Network attack vector, low attack complexity, no privileges required, user interaction is required, and there is a High impact to confidentiality, integrity, and a...

8.8CVSS8.9AI score0.02024EPSS
CVE
CVE
added 2025/05/13 4:58 p.m.265 views

CVE-2025-30400

CVE-2025-30400 is a Windows DWM Core Library use-after-free vulnerability that enables local privilege escalation. Affected: Windows DWM Core Library components; exploit could grant SYSTEM-level privileges. CVSS v3.1 indicates high risk (local, user interaction none, privileges required low, conf...

7.8CVSS7.5AI score0.01763EPSS
In wild
CVE
CVE
added 2024/12/10 5:49 p.m.264 views

CVE-2024-49113

CVE-2024-49113 is a Windows LDAP Denial-of-Service vulnerability affecting the LDAP client. Public PoCs exist (e.g., LDAPNightmare) and show proof-of-concept testing integrated with Metasploit and other repositories; multiple exploit/checker projects also reference testing for this CVE. The descr...

7.5CVSS7.5AI score0.82992EPSS
CVE
CVE
added 2025/05/13 4:59 p.m.263 views

CVE-2025-30397

CVE-2025-30397 is a memory-corruption/Use-After-Free style vulnerability in the Microsoft Scripting Engine (jscript.dll) that enables remote code execution via specially crafted web content. The CVE’s affected component is the JScript/Windows Scripting Engine, with an attack vector over the netwo...

7.5CVSS7.5AI score0.21228EPSS
In wild
CVE
CVE
added 2024/02/13 6:2 p.m.262 views

CVE-2024-21370

Public technical details for CVE-2024-21370 are not provided in the connected documents; the OpenVAS entries enumerate the CVE across multiple Microsoft KBs without product/version specifics. Monitor for updates.

8.8CVSS9.2AI score0.01768EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.262 views

CVE-2024-21420

Technical details about CVE-2024-21420 are not publicly provided in the supplied documents. The connected sources reference the CVE ID and Microsoft patches but do not disclose affected product specifics, root cause, impact, or remediation beyond generic update context. Monitor for updates.

8.8CVSS9.2AI score0.0173EPSS
CVE
CVE
added 2024/04/09 5:0 p.m.262 views

CVE-2024-26234

CVE-2024-26234 is a locally exploitable proxy driver spoofing vulnerability in Windows. The issue is tied to the Windows Proxy Driver, with exploitation requiring high privileges and no user interaction, leading to potential confidentiality, integrity, and availability impacts as indicated by the...

6.7CVSS7.4AI score0.04853EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.261 views

CVE-2024-21350

CVE-2024-21350 corresponds to a Remote Code Execution vulnerability in the Microsoft WDAC OLE DB provider for SQL Server. The entry lists a CVSS v3.1 base score of 8.8 (HIGH), with attack vector NETWORK, privileges required NONE, user interaction REQUIRED, and both confidentiality, integrity, and...

8.8CVSS9.2AI score0.01484EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.260 views

CVE-2024-21358

Technical details about CVE-2024-21358 (Microsoft WDAC OLE DB provider for SQL Server remote code execution) are not provided in the supplied documents. Monitor for official updates from Microsoft and trusted security advisories for affected products, mitigations, and fixes.

8.8CVSS9.2AI score0.01768EPSS
CVE
CVE
added 2021/12/15 2:15 p.m.259 views

CVE-2021-43226

CVE-2021-43226 pertains to the Windows Common Log File System (CLFS) Driver. The available documents identify a local privilege-escalation vulnerability in CLFS that could allow a privileged attacker on a Windows host to gain higher privileges. The CVE is listed in the KEV catalog as a Microsoft ...

7.8CVSS8.6AI score0.03072EPSS
In wild
CVE
CVE
added 2023/06/13 11:26 p.m.259 views

CVE-2023-29363

CVE-2023-29363 is a Windows Pragmatic General Multicast (PGM) Remote Code Execution vulnerability. The issue affects Windows message queuing in PGM server scenarios, where a remote, unauthenticated attacker could send a crafted file over the network to achieve code execution if the message-queuin...

9.8CVSS9.7AI score0.01959EPSS
CVE
CVE
added 2024/03/12 4:58 p.m.258 views

CVE-2024-26174

CVE-2024-26174 is a Windows Kernel Information Disclosure Vulnerability. The connected sources specify the issue as an out-of-bounds read of key node security in CmpValidateHiveSecurityDescriptors when loading corrupted registry hives, enabling potential leakage of kernel/registry data. Affected ...

5.5CVSS6.6AI score0.00928EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.256 views

CVE-2024-21352

Technical details for CVE-2024-21352 are not publicly available in the provided documents; monitor for updates.

8.8CVSS9.2AI score0.01628EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.256 views

CVE-2024-21369

Technical details for CVE-2024-21369 are not publicly provided in the supplied documents. Monitor for updates from Microsoft and vulnerability feeds.

8.8CVSS9.2AI score0.01549EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.255 views

CVE-2024-21359

Technical details for CVE-2024-21359 are not provided in the connected documents. The available data only references a WDAC OLE DB provider RCE vulnerability. Monitor for official advisories to learn affected products, impact, and remediation.

8.8CVSS9.2AI score0.01644EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.255 views

CVE-2024-21375

Technical details for CVE-2024-21375 are not publicly available in the provided documents. Monitor for updates as more information may be published.

8.8CVSS9.2AI score0.01652EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.254 views

CVE-2024-21349

Technical details for CVE-2024-21349 (Microsoft ActiveX Data Objects remote code execution) are not provided in the connected documents; no affected versions, root cause, impact, or remediation are cited. Monitor for updates.

8.8CVSS8.9AI score0.01644EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.254 views

CVE-2024-21361

Technical details for CVE-2024-21361 are not publicly provided in the supplied documents; monitor for updates.

8.8CVSS9.2AI score0.01644EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.253 views

CVE-2024-21344

CVE-2024-21344 is described as a Windows NAT Denial of Service vulnerability with CVSS v3.1 base score 5.9 (Network attack, High attack complexity, No privileges, No user interaction, Availability impact). The available connected documents do not specify affected products/versions, root cause det...

5.9CVSS6.2AI score0.01691EPSS
CVE
CVE
added 2024/03/12 4:57 p.m.253 views

CVE-2024-21430

CVE-2024-21430 is a Windows vulnerability described as a Remote Code Execution via the Windows USB Attached SCSI (UAS) protocol. The UAS handling issue is the stated root cause, with impact described as high confidentiality, integrity, and availability (per NVD metrics: CVSS 3.1 base score 6.4; a...

6.4CVSS6.5AI score0.00705EPSS
CVE
CVE
added 2024/03/12 4:58 p.m.253 views

CVE-2024-26173

Technical details about CVE-2024-26173 are not provided in the connected documents. The materials discuss Windows registry and kernel context at a high level without concrete affected components, root cause, impact specifics, or patches. Monitor updates for official disclosures.

7.8CVSS8.1AI score0.00901EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.252 views

CVE-2024-21365

CVE-2024-21365 affects the Microsoft WDAC OLE DB provider for SQL Server and is a Remote Code Execution vulnerability. It has a CVSS v3.1 base score of 8.8 (High) with Network attack vector, Low attack complexity, No privileges required, and User interaction required; impacts Confidentiality, Int...

8.8CVSS9.2AI score0.01768EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.251 views

CVE-2024-21405

CVE-2024-21405 is a Microsoft Message Queuing (MSMQ) elevation of privilege vulnerability listed among February 2024 Windows security updates (KB5034830/KB5034819/etc.). Affected component: MSMQ on Windows. Root cause and exact exploit mechanism are not detailed in the provided documents beyond t...

7CVSS7.2AI score0.00384EPSS
CVE
CVE
added 2025/01/14 6:3 p.m.251 views

CVE-2025-21413

CVE-2025-21413 is a Windows Telephony Service remote code execution vulnerability. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates network access, no privileges, user interaction required, with high impact to confidentiality, integrity, and availability. Connected sources conf...

8.8CVSS9AI score0.01086EPSS
CVE
CVE
added 2024/01/09 5:56 p.m.250 views

CVE-2024-20696

CVE-2024-20696 affects Windows: a Remote Code Execution vulnerability in the libarchive component. The root cause is a heap-based buffer overflow in libarchive handling Windows inputs, enabling a local attacker with low privileges and user interaction to potentially execute code. The referenced m...

7.3CVSS7.5AI score0.03154EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.250 views

CVE-2024-21391

CVE-2024-21391 affects Microsoft WDAC OLE DB provider for SQL Server and is described as a Remote Code Execution vulnerability. The initial document provides a CVSS 3.1 base score of 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, and user interaction required. No specific remediati...

8.8CVSS9.2AI score0.01628EPSS
CVE
CVE
added 2024/03/12 4:57 p.m.249 views

CVE-2024-21446

CVE-2024-21446 is an NTFS Elevation of Privilege vulnerability. The NVD entry indicates a local, low-attack-complexity flaw in NTFS that yields a high impact on confidentiality, integrity, and availability (C:H, I:H, A:H) with a base score of 7.8 (Microsoft-reported). Exploitation is listed as lo...

7.8CVSS8.1AI score0.00663EPSS
CVE
CVE
added 2024/03/12 4:57 p.m.249 views

CVE-2024-21450

CVE-2024-21450 concerns the Microsoft WDAC OLE DB provider for SQL Server and is a remote code execution vulnerability. The CVSS 3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, and requires user interaction. The impact is rated as high for confidentiality, integrit...

8.8CVSS9.2AI score0.02026EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.248 views

CVE-2024-21347

Technical details for CVE-2024-21347 are not provided in the connected documents. Monitor for updates and published fixes or advisories once available.

7.5CVSS7.9AI score0.01372EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.248 views

CVE-2024-21367

Technical details for CVE-2024-21367 are not provided in the connected documents. Public information about affected components, root cause, or fixes is not included here. Monitor for updates from the vendor/Microsoft and add any official advisories when available.

8.8CVSS9.2AI score0.01658EPSS
CVE
CVE
added 2024/03/12 4:57 p.m.248 views

CVE-2024-21441

CVE-2024-21441 affects the Microsoft WDAC OLE DB provider for SQL Server and is a Remote Code Execution vulnerability. The NVD entry rates it High (CVSS 3.1: 8.8) with NETWORK vector, LOW attack complexity, NONE privileges, and user interaction required; impacts on confidentiality, integrity, and...

8.8CVSS9.2AI score0.01947EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.247 views

CVE-2024-21406

Technical details about CVE-2024-21406 are not publicly provided in the supplied documents. No affected product/version/impact specifics are given beyond the generic description. Monitor for updates from official advisories.

7.5CVSS7.7AI score0.00856EPSS
CVE
CVE
added 2024/03/12 4:57 p.m.247 views

CVE-2024-26197

Technical details about CVE-2024-26197 are not publicly provided in the connected documents. Monitor for updates from official sources for affected products, versions, impact, and fixes.

6.5CVSS7.3AI score0.02859EPSS
CVE
CVE
added 2024/04/09 5:0 p.m.247 views

CVE-2024-29050

CVE-2024-29050 is confirmed to affect Windows Cryptographic Services and is categorized as a Remote Code Execution (RCE) vulnerability. The connected documents identify the component and vulnerability name but do not provide explicit root-cause specifics, affected product versions, or remediation...

8.4CVSS8.8AI score0.0125EPSS
Total number of security vulnerabilities1844