Microsoft Windows Server vulnerabilities

705 known vulnerabilities affecting microsoft/windows_server.

Total CVEs: 705
CISA KEV: 23 (actively exploited)
Public exploits: 36
Exploited in wild: 28
Severity breakdown: CRITICAL 27, HIGH 458, MEDIUM 216, LOW 4

Vulnerabilities

Page 29 of 36
CVE-2019-1252 | MEDIUM | CVSS 6.5 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +15 more | 2019-09-11
CVE-2019-1252 [MEDIUM] CWE-200: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1286.
nvd
CVE-2019-1216 | MEDIUM | CVSS 5.5 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +7 more | 2019-09-11
CVE-2019-1216 [MEDIUM] CWE-200: An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'.
nvd
CVE-2019-1274 | MEDIUM | CVSS 5.5 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +15 more | 2019-09-11
CVE-2019-1274 [MEDIUM] CWE-665: An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'.
nvd
CVE-2019-1282 | MEDIUM | CVSS 5.5 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +15 more | 2019-09-11
CVE-2019-1282 [MEDIUM]: An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'.
nvd
CVE-2019-1219 | MEDIUM | CVSS 5.5 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +15 more | 2019-09-11
CVE-2019-1219 [MEDIUM] CWE-200: An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'.
nvd
CVE-2019-1283 | MEDIUM | CVSS 5.5 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +1 more | 2019-09-11
CVE-2019-1283 [MEDIUM] CWE-200: An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.
nvd
CVE-2019-1254 | MEDIUM | CVSS 5.5 | Versions: 2016; 2016 (Core installation); +3 more | 2019-09-11
CVE-2019-1254 [MEDIUM] CWE-908: An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'.
nvd
CVE-2019-1244 | MEDIUM | CVSS 6.5 | PoC | Versions: version 1803 (Core Installation); 2019; +1 more | 2019-09-11
CVE-2019-1244 [MEDIUM] CWE-200: An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251.
nvd
CVE-2019-0785 | CRITICAL | CVSS 9.8 | Versions: 2012; 2012 (Core installation); +7 more | 2019-07-15
CVE-2019-0785 [CRITICAL] CWE-787: A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.
nvd
CVE-2019-1090 | HIGH | CVSS 7.8 | Versions: version 1803 (Core Installation); 2019; +1 more | 2019-07-15
CVE-2019-1090 [HIGH]: An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrlvr.dll Elevation of Privilege Vulnerability'.
nvd
CVE-2019-0880 | HIGH | CVSS 7.8 | KEV | Versions: 2012; 2012 (Core installation); +7 more | 2019-07-15
CVE-2019-0880 [HIGH]: A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.
nvd
CVE-2019-0811 | HIGH | CVSS 7.5 | Versions: 2012 R2; 2012 R2 (Core installation); +5 more | 2019-07-15
CVE-2019-0811 [HIGH] CWE-19: A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries, aka 'Windows DNS Server Denial of Service Vulnerability'.
nvd
CVE-2019-1117 | HIGH | CVSS 8.8 | PoC | Versions: version 1803 (Core Installation); 2019; +1 more | 2019-07-15
CVE-2019-1117 [HIGH]: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
nvd
CVE-2019-1132 | HIGH | CVSS 7.8 | KEV | PoC | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +6 more | 2019-07-15
CVE-2019-1132 [HIGH]: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
nvd
CVE-2019-1102 | HIGH | CVSS 8.8 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +15 more | 2019-07-15
CVE-2019-1102 [HIGH]: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
nvd
CVE-2019-1067 | HIGH | CVSS 7.8 | Versions: 2016; 2016 (Core installation); +3 more | 2019-07-15
CVE-2019-1067 [HIGH]: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.
nvd
CVE-2019-1129 | HIGH | CVSS 7.8 | KEV | Versions: 2012; 2012 (Core installation); +7 more | 2019-07-15
CVE-2019-1129 [HIGH] CWE-59: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130.
nvd
CVE-2019-1085 | HIGH | CVSS 7.8 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +15 more | 2019-07-15
CVE-2019-1085 [HIGH]: An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'.
nvd
CVE-2019-1037 | HIGH | CVSS 7.0 | Versions: version 1803 (Core Installation); 2019; +1 more | 2019-07-15
CVE-2019-1037 [HIGH]: An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
nvd
CVE-2019-1006 | HIGH | CVSS 7.5 | Versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation); 2008 R2 for Itanium-Based Systems Service Pack 1; +15 more | 2019-07-15
CVE-2019-1006 [HIGH] CWE-295: An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.
nvd