Vulnerabilities > Microsoft > Windows Server 2019 > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-09-11 CVE-2019-1289 Incorrect Authorization vulnerability in Microsoft products
An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'.
local
low complexity
microsoft CWE-863
5.5
2019-09-11 CVE-2019-1286 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.
network
low complexity
microsoft CWE-200
6.5
2019-09-11 CVE-2019-1282 Unspecified vulnerability in Microsoft products
An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'.
local
low complexity
microsoft
5.5
2019-09-11 CVE-2019-1274 Improper Initialization vulnerability in Microsoft products
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'.
local
low complexity
microsoft CWE-665
5.5
2019-09-11 CVE-2019-1273 Cross-site Scripting vulnerability in Microsoft products
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
2019-09-11 CVE-2019-1270 Link Following vulnerability in Microsoft products
An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of Privilege Vulnerability'.
local
low complexity
microsoft CWE-59
5.5
2019-09-11 CVE-2019-1254 Use of Uninitialized Resource vulnerability in Microsoft products
An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'.
local
low complexity
microsoft CWE-908
5.5
2019-09-11 CVE-2019-1252 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.
network
low complexity
microsoft CWE-200
6.5
2019-09-11 CVE-2019-1251 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'.
local
low complexity
microsoft CWE-200
5.5
2019-09-11 CVE-2019-1245 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'.
network
low complexity
microsoft CWE-200
6.5