Vulnerabilities > Microsoft > Windows Server 2019 > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-11 CVE-2020-0676 Unspecified vulnerability in Microsoft products
An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'.
local
low complexity
microsoft
5.5
2020-02-11 CVE-2020-0675 Unspecified vulnerability in Microsoft products
An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'.
local
low complexity
microsoft
5.5
2020-02-11 CVE-2020-0661 Improper Input Validation vulnerability in Microsoft products
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.
low complexity
microsoft CWE-20
6.8
2020-02-11 CVE-2020-0658 Unspecified vulnerability in Microsoft products
An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'.
local
low complexity
microsoft
5.5
2020-01-24 CVE-2019-1454 Improper Privilege Management vulnerability in Microsoft products
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.
local
low complexity
microsoft CWE-269
5.5
2020-01-14 CVE-2020-0643 Unspecified vulnerability in Microsoft products
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'.
local
low complexity
microsoft
5.5
2020-01-14 CVE-2020-0639 Unspecified vulnerability in Microsoft products
An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'.
local
low complexity
microsoft
5.5
2020-01-14 CVE-2020-0637 Unspecified vulnerability in Microsoft products
An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information, aka 'Remote Desktop Web Access Information Disclosure Vulnerability'.
network
low complexity
microsoft
6.5
2020-01-14 CVE-2020-0621 Insufficient Session Expiration vulnerability in Microsoft products
A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'.
local
low complexity
microsoft CWE-613
4.4
2020-01-14 CVE-2020-0617 Improper Input Validation vulnerability in Microsoft products
A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Hyper-V Denial of Service Vulnerability'.
local
low complexity
microsoft CWE-20
6.0