Vulnerabilities > Microsoft > Windows Server 2019 > Low

DATE CVE VULNERABILITY TITLE RISK
2019-10-10 CVE-2019-1337 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka 'Windows Update Client Information Disclosure Vulnerability'.
local
low complexity
microsoft CWE-200
2.1
2019-10-10 CVE-2019-1344 Out-of-bounds Read vulnerability in Microsoft products
An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'.
local
low complexity
microsoft CWE-125
2.1
2019-10-10 CVE-2019-1345 Out-of-bounds Read vulnerability in Microsoft products
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'.
local
low complexity
microsoft CWE-125
2.1
2019-10-10 CVE-2019-1368 Unspecified vulnerability in Microsoft products
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.
local
low complexity
microsoft
2.1
2019-09-11 CVE-2019-1142 Path Traversal vulnerability in Microsoft .Net Framework
An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'.
local
low complexity
microsoft CWE-22
2.1
2019-09-11 CVE-2019-1219 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'.
local
low complexity
microsoft CWE-200
2.1
2019-09-11 CVE-2019-1251 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'.
local
low complexity
microsoft CWE-200
2.1
2019-09-11 CVE-2019-1254 Use of Uninitialized Resource vulnerability in Microsoft products
An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'.
local
low complexity
microsoft CWE-908
2.1
2019-09-11 CVE-2019-1270 Improper Privilege Management vulnerability in Microsoft products
An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of Privilege Vulnerability'.
local
low complexity
microsoft CWE-269
3.6
2019-09-11 CVE-2019-1273 Cross-site Scripting vulnerability in Microsoft products
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'.
network
microsoft CWE-79
3.5