Lucene search
K

513 matches found

EUVD
EUVD
added 2026/07/02 8:42 a.m.8 views

EUVD-2026-41271

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included , 5.0.0 to 5.0.5 included There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 4:29 p.m.7 views

CVE-2026-53038

The CVE-2026-53038 issue affects the Linux kernel’s ima_fs logic, where allocated TPM crypto_id can be HASH_ALGO__LAST for unsupported TPM algorithms, leading to reads of hash_algo_name[] out of bounds. The provided documents confirm that TPM algorithms like SHA3-256 (0x0027) may be unsupported, ...

5.7AI score0.00168EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: tpm: st33zp24: Fixed an issue where missing cleanup was performed after a getburstcount call failed. getburstcount may return -EBUSY when it times out. In such cases, st33zp24send returns directly without releasing the locality...

5.5CVSS5.7AI score0.00163EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: tpm: Limit the number of PCR banks The function tpm2getpcrallocation does not impose any upper limit on the number of banks. The limit is set to eight banks, so values that exceed this limit from external I/O cause only limite...

5.5CVSS6AI score0.00123EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/24 1:39 a.m.11 views

keylime: Keylime: Security bypass due to hardcoded TPM quote nonce

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module TPM quote attestation instead of a...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/24 1:39 a.m.7 views

Moderate: Red Hat Security Advisory: keylime security update

An update for keylime is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

6.3CVSS6AI score0.00121EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51932

Name of the Vulnerable Software and Affected Versions Linux kernel version 6.12.40 Description A global out-of-bounds read occurs in the create securityfs measurement lists function when the system uses a TPM chip with an unsupported hash algorithm. The issue arises because ima tpm chip-allocated...

6.1AI score0.00168EPSS
Exploits0References13
EUVD
EUVD
added 2026/06/12 10:0 a.m.10 views

EUVD-2026-36411

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

7CVSS5.1AI score0.00115EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 10:0 a.m.22 views

CVE-2026-9266

CVE-2026-9266 affects Moxa’s embedded Linux firmware for industrial computers and controllers. The issue is a Missing Required Cryptographic Step, an incomplete remediation of CVE-2026-0714, where TPM2 parameter encryption is undermined by an omission in the authorization session configuration. A...

7CVSS5.2AI score0.0007EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 10:0 a.m.8 views

CVE-2026-9266

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

7CVSS5.2AI score0.0007EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-48857

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

7CVSS5.2AI score0.0007EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/08 7:54 p.m.11 views

CVE-2026-46283

A flaw was found in the Linux kernel's Trusted Platform Module TPM driver. This vulnerability arises from the driver's failure to securely clear sensitive cryptographic material, such as session keys and passphrases, from memory when a TPM device is released. A local attacker could potentially...

5.5CVSS5.4AI score0.00122EPSS
Exploits0References4
OSV
OSV
added 2026/06/08 5:16 p.m.10 views

UBUNTU-CVE-2026-46283

In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfreesensitive to free auth session in tpmdevrelease tpmdevrelease uses plain kfree to free chip-auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data struct...

5.5CVSS5.4AI score0.00122EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/08 3:41 p.m.45 views

CVE-2026-46283 tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()

In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfreesensitive to free auth session in tpmdevrelease tpmdevrelease uses plain kfree to free chip-auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data struct...

0.00122EPSS
Exploits0References4
CVE
CVE
added 2026/06/08 3:41 p.m.25 views

CVE-2026-46283

In the provided sources, CVE-2026-46283 affects the Linux kernel TPM subsystem, where tpm_dev_release() frees sensitive material (chip->auth) with plain kfree() instead of kfree_sensitive(). This leaves HMAC session keys, nonces, and passphrase data potentially scrubbed only later in memory, u...

5.5CVSS5.5AI score0.00122EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/08 3:41 p.m.1 views

CVE-2026-46283 tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()

In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfreesensitive to free auth session in tpmdevrelease tpmdevrelease uses plain kfree to free chip-auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data struct...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References7
Fedora
Fedora
added 2026/06/07 1:7 a.m.15 views

[SECURITY] Fedora 43 Update: keylime-7.14.2-1.fc43

Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution...

6.3CVSS5.5AI score0.00121EPSS
Exploits0
Fedora
Fedora
added 2026/06/07 12:57 a.m.16 views

[SECURITY] Fedora 44 Update: keylime-7.14.2-1.fc44

Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution...

6.3CVSS5.5AI score0.00121EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.13 views

CVE-2026-6923

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...

3.8CVSS5.4AI score0.00117EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.11 views

SUSE CVE-2026-45871

In the Linux kernel, the following vulnerability has been resolved: tpm: st33zp24: Fix missing cleanup on getburstcount error getburstcount can return -EBUSY on timeout. When this happens, st33zp24send returns directly without releasing the locality acquired earlier. Use goto outerr to ensure...

5.8AI score0.00163EPSS
Exploits0References3
Rows per page
Query Builder