|
2025-04-08
|
CVE-2025-27473
|
Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-27475
|
Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally.
|
Windows_11_22h2, Windows_11_23h2, Windows_11_24h2
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-27476
|
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
|
Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2019, Windows_server_2022_23h2, Windows_server_2025
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-27477
|
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-27478
|
Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-27481
|
Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-27484
|
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-27727
|
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-27491
|
Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network.
|
Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2016, Windows_server_2019, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
N/A
|
|
|
|
2025-04-08
|
CVE-2025-27492
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.
|
Windows_11_22h2, Windows_11_23h2, Windows_11_24h2, Windows_server_2022, Windows_server_2022_23h2, Windows_server_2025
|
N/A
|
|
|