CVE-2022-22734

The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them...

RLSA-2024:9424 Low: tpm2-tools security update

The tpm2-tools packages add a set of utilities for management and utilization of Trusted Platform Module TPM 2.0 devices from user space. Security Fixes: tpm2-tools: arbitrary quote data may go undetected by tpm2checkquote CVE-2024-29038 tpm2-tools: pcr selection value is not compared with the...

tpm2-tools: arbitrary quote data may go undetected by tpm2_checkquote

A flaw was found in the tpm2-tools package. This issue occurs due to a missing check whether the magic number in attest is equal to TPM2GENERATEDVALUE, which can allow an attacker to generate arbitrary quote data that may not be detected by tpm2checkquote...

Huawei EulerOS: Security Advisory for tpm2-tss (EulerOS-SA-2024-2151)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.0 : tpm2-tss (EulerOS-SA-2024-2131)

According to the versions of the tpm2-tss package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the...

EulerOS Virtualization 2.10.1 : tpm2-tss (EulerOS-SA-2024-2151)

According to the versions of the tpm2-tss package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the...

Amazon Linux 2023 : tpm2-tools (ALAS2023-2024-693)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-693 advisory. tpm2-tools: arbitrary quote data may go undetected by tpm2checkquote CVE-2024-29038 tpm2-tools: pcr selection value is not compared with the attest CVE-2024-29039 Tenable has extracted the...

EulerOS 2.0 SP10 : tpm2-tss (EulerOS-SA-2024-1924)

According to the versions of the tpm2-tss package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2GENERATEDVALUE...

CVE-2024-29038

tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...

DEBIAN-CVE-2024-29038

tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...

CVE-2024-29038

tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...

CVE-2024-29038 tpm2 does not detect if quote was not generated by TPM

tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...

CVE-2024-29038

tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...

CVE-2024-29038

The CVE-2024-29038 issue affects tpm2-tools (TPM2.0 tools). Affected component: quote data generation and verification logic in tpm2-tools; root cause: an attacker could generate arbitrary quote data that is not detected by tpm2_checkquote. Impact: attacker-controlled quotes could bypass detectio...

ROS-20240611-02

The vulnerability of Tss2RCDecode and Tss2RCSetHandler functions of TCG TPM2 TPM2 Software Stack implementation is related to buffer copying without input data validation. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, violate its integrity, and cause ...

OESA-2024-1638 tpm2-tss security update

tpm2-tss is a software stack supporting Trusted Platform ModuleTPM 2.0 system APIs which provides TPM2.0 specified APIs for applications to access TPM module through kernel TPM drivers. Security Fixes: A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number i...

OESA-2024-1613 tpm2-tss security update

tpm2-tss is a software stack supporting Trusted Platform ModuleTPM 2.0 system APIs which provides TPM2.0 specified APIs for applications to access TPM module through kernel TPM drivers. Security Fixes: A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number i...

SUSE-SU-2024:1636-1 Security update for tpm2.0-tools

This update for tpm2.0-tools fixes the following issues: - CVE-2024-29038: Fixed arbitrary quote data validation by tpm2checkquote bsc1223687. - CVE-2024-29039: Fixed pcr selection value to be compared with the attest bsc1223689...

Updated tpm2-tss packages fix security vulnerabilities

A flaw was found in the tpm2-tss package, where there was no check that the magic number in the attest is equal to the TPM2GENERATEDVALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by FapiVerifyQuote...

MGASA-2024-0171 Updated tpm2-tss packages fix security vulnerabilities

A flaw was found in the tpm2-tss package, where there was no check that the magic number in the attest is equal to the TPM2GENERATEDVALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by FapiVerifyQuote...