10464 matches found
CVE-2025-15575 Missing Firmware Authenticity Checks in Solax Power Pocket WiFi models
The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks e.g. digital signatu...
CVE-2025-15575
The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks e.g. digital signatu...
CVE-2025-15575
The CVE-2025-15575 issue affects Solax Power Pocket WiFi. The firmware update functionality does not verify the authenticity of supplied firmware update files and lacks cryptographic checks (e.g., digital signatures). ESP32 security features such as secure boot are not used. Root cause: no authen...
PT-2026-7837
Name of the Vulnerable Software and Affected Versions Solax Power Pocket WiFi affected versions not specified Description The firmware update functionality lacks verification of the authenticity of supplied firmware update files. This allows attackers to flash malicious firmware updates onto the...
RLSA-2026:2225 Critical: keylime security update
Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication CVE-2026-1709 For more details about the...
CVE-2025-48515
Insufficient parameter sanitization in AMD Secure Processor ASP Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution...
CVE-2025-29949
Insufficient input parameter sanitization in AMD Secure Processor ASP Boot Loader legacy recovery mode only could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service...
CVE-2025-48515
Insufficient parameter sanitization in AMD Secure Processor ASP Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution...
CVE-2025-48515
Insufficient parameter sanitization in AMD Secure Processor ASP Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution...
CVE-2025-48515
CVE-2025-48515 concerns the AMD Secure Processor (ASP) Boot Loader. The provided documents describe insufficient parameter sanitization that could allow an attacker with access to a SPI ROM upgrade to overwrite memory, potentially enabling arbitrary code execution. The PT-2026-7464 entry reiterat...
CVE-2025-48515
Insufficient parameter sanitization in AMD Secure Processor ASP Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution...
CVE-2025-29949
Insufficient input parameter sanitization in AMD Secure Processor ASP Boot Loader legacy recovery mode only could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service...
CVE-2025-29949
Insufficient input parameter sanitization in AMD Secure Processor ASP Boot Loader legacy recovery mode only could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service...
CVE-2025-29949
Insufficient input parameter sanitization in AMD Secure Processor ASP Boot Loader legacy recovery mode only could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service...
CVE-2025-29949
CVE-2025-29949 is an AMD ASP Boot Loader issue limited to legacy recovery mode. The connected documents confirm insufficient input parameter sanitization in the ASP Boot Loader, which could allow an out-of-bounds write that corrupts Secure DRAM and may cause a denial of service. Affected software...
February 10, 2026—KB5075912 (OS Builds 19045.6937 and 19044.6937)
February 10, 2026—KB5075912 OS Builds 19045.6937 and 19044.6937 Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business...
February 10, 2026—KB5075904 (OS Build 17763.8389)
February 10, 2026—KB5075904 OS Build 17763.8389 Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices for the...
February 10, 2026—KB5075970 (Monthly Rollup)
February 10, 2026—KB5075970 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU...
February 10, 2026—Hotpatch KB5075942 (OS Build 26100.32313)
None None...
February 10, 2026—KB5075897 (OS Build 25398.2149)
February 10, 2026—KB5075897 OS Build 25398.2149 This cumulative update for Windows Server, version 23H2 KB5075897, includes the latest security fixes and improvements, along with non-security updates from last month’s optional preview release. To learn more about differences between security...