CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Windows Server 2019 : Security Vulnerabilities (CVSS score between 3 and 3.99)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-28326 DoS 2021-04-13 2021-06-04
3.6
 None Local Low Not required None Partial Partial
Windows AppX Deployment Server Denial of Service Vulnerability
2 CVE-2021-26886 DoS 2021-03-11 2021-03-23
3.6
 None Local Low Not required None Partial Partial
User Profile Service Denial of Service Vulnerability
3 CVE-2021-26866 269 2021-03-11 2021-03-22
3.6
 None Local Low Not required None Partial Partial
Windows Update Service Elevation of Privilege Vulnerability
4 CVE-2021-1708 2021-01-12 2021-01-20
3.5
 None Remote Medium ??? Partial None None
Windows GDI+ Information Disclosure Vulnerability
5 CVE-2020-1405 269 2020-07-14 2020-07-23
3.6
 None Local Low Not required None Partial Partial
An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1372.
6 CVE-2020-1364 20 DoS 2020-07-14 2020-07-17
3.6
 None Local Low Not required None Partial Partial
A denial of service vulnerability exists in the way that the WalletService handles files, aka 'Windows WalletService Denial of Service Vulnerability'.
7 CVE-2020-1333 269 2020-07-14 2020-07-20
3.7
 None Local High Not required Partial Partial Partial
An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points, aka 'Group Policy Services Policy Processing Elevation of Privilege Vulnerability'.
8 CVE-2020-1204 269 2020-06-09 2020-06-15
3.6
 None Local Low Not required None Partial Partial
An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'.
9 CVE-2020-0942 269 2020-04-15 2020-04-22
3.6
 None Local Low Not required None Partial Partial
An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0944, CVE-2020-1029.
10 CVE-2020-0936 269 2020-04-15 2020-04-21
3.6
 None Local Low Not required None Partial Partial
An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections, aka 'Windows Scheduled Task Elevation of Privilege Vulnerability'.
11 CVE-2020-0854 269 2020-03-12 2020-03-17
3.6
 None Local Low Not required None Partial Partial
An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'.
12 CVE-2020-0785 269 2020-03-12 2020-03-18
3.6
 None Local Low Not required None Partial Partial
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.
13 CVE-2020-0730 59 2020-02-11 2020-02-14
3.6
 None Local Low Not required None Partial Partial
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.
14 CVE-2019-1454 269 2020-01-24 2020-01-27
3.6
 None Local Low Not required None Partial Partial
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.
15 CVE-2019-1289 863 2019-09-11 2020-08-24
3.6
 None Local Low Not required None Partial Partial
An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'.
16 CVE-2019-1273 79 XSS 2019-09-11 2019-09-12
3.5
 None Remote Medium ??? None Partial None
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'.
17 CVE-2019-1270 269 2019-09-11 2019-09-12
3.6
 None Local Low Not required None Partial Partial
An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of Privilege Vulnerability'.
18 CVE-2019-0986 59 2019-06-12 2020-08-24
3.6
 None Local Low Not required None Partial Partial
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.
19 CVE-2018-8547 79 XSS 2018-11-14 2018-12-14
3.5
 None Remote Medium ??? None Partial None
A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directory Federation Services XSS Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
Total number of vulnerabilities : 19   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.