22 matches found
CVE-2026-9793
A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...
WordPress FAPI Member plugin authorization bypass vulnerability
The FAPI Member plugin is a tool for connecting and integrating the FAPIMember service with WordPress sites. An authorization bypass vulnerability exists in the WordPress FAPI Member plugin, which stems from authorization bypass through a user-controlled key, and can be exploited by an attacker to levera...
CVE-2025-66132
Authorization Bypass Through User-Controlled Key vulnerability in FAPI Business s.r.o. FAPI Member fapi-member allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FAPI Member: from n/a through <= 2.2.30...
EUVD-2025-203578
Authorization Bypass Through User-Controlled Key vulnerability in FAPI Business s.r.o. FAPI Member fapi-member allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FAPI Member: from n/a through <= 2.2.26...
CVE-2025-66132
Authorization Bypass Through User-Controlled Key vulnerability in FAPI Business s.r.o. FAPI Member fapi-member allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FAPI Member: from n/a through <= 2.2.30...
CVE-2025-66132 WordPress FAPI Member plugin <= 2.2.30 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in FAPI Business s.r.o. FAPI Member fapi-member allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FAPI Member: from n/a through <= 2.2.30...
CVE-2025-66132
CVE-2025-66132 affects FAPI Member (WordPress plugin) according to Wordfence vulnerability details. The issue is described as an Unauthenticated Insecure Direct Object Reference (IDOR) affecting FAPI Member, with affected software listed as FAPI Member and versions up to at least 2.2.29. The entr...
CVE-2025-66132 WordPress FAPI Member plugin <= 2.2.30 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in FAPI Business s.r.o. FAPI Member fapi-member allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FAPI Member: from n/a through <= 2.2.30...
WordPress plugin FAPI Member security vulnerability
The FAPI Member plugin is a tool for connecting and integrating the FAPIMember service with WordPress sites. An authorization bypass vulnerability exists in the WordPress FAPI Member plugin, which stems from authorization bypass through a user-controlled key, and can be exploited by an attacker to levera...
WordPress FAPI Member plugin <= 2.2.29 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by NumeX in WordPress Plugin FAPI Member versions <= 2.2.29...
Security update for tpm2.0-tools, tpm2-0-tss
This update for tpm2.0-tools, tpm2-0-tss fixes the following issues: tpm2-0-tss: Update to version 4.1. Security: CVE-2024-29040: arbitrary quote data may go undetected by Fapi_VerifyQuote (bsc#1223690). Fixed: fapi: Fix length check on FAPI auth callbacks; mu: Correct error message for errors...
CVE-2024-29040 Fapi_VerifyQuote: Does not detect if quote was not generated by TPM
This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can be used...
PT-2024-4042 · Unknown +5 · Tpm2 Software Stack +5
Name of the Vulnerable Software and Affected Versions: TPM2 Software Stack versions prior to 4.1.0. Description: The issue is related to the TPM2_GENERATED_VALUE function in the TCG TPM2 Software Stack implementation. It lacks a check to ensure the magic number in the attest matches the TPM2...
TCG TPM2 Software Stack: Information disclosure
Background: TCG TPM2 Software Stack is a library to interface with trusted platform modules. Description: TCG TPM2 Software Stack did not appropriately apply FAPI policies to protect data encrypted with the trusted platform module. Impact: Data encrypted using TCG TPM2 Software Stack (tpm2-tss) may no...
EulerOS 2.0 SP9 : tpm2-tss (EulerOS-SA-2021-1278)
According to the version of the tpm2-tss package installed, the EulerOS installation on the remote host is affected by the following vulnerability: FAPI PolicyPCR not instantiating correctly (CVE-2020-24455). Note that Tenable Network Security has extracted the preceding description block directly...
Huawei EulerOS: Security Advisory for tpm2-tss (EulerOS-SA-2021-1259)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for tpm2-tss (EulerOS-SA-2021-1278)
The remote host is missing an update for the Huawei EulerOS...
CVE-2020-24455
The tpm2-tss package introduced an implementation of the TCG Feature API (FAPI) from v2.4.0. While instantiating a TPM policy via FAPI, the TPM's Platform Configuration Registers (PCRs) are used to compute the policy digest. While reading PCR values via 'ifapireadpcr' routine, a PCR list counter was not set which ca...
Updated tpm2-tss packages fix a security vulnerability
FAPI PolicyPCR not instantiating correctly (CVE-2020-24455). Note that all TPM objects created with a PolicyPCR with the currentPcrs and currentPcrsAndBank options have been created with an incorrect policy that omits PCR checks. All such objects have to be recreated. The tpm2-tss package has been...
Fedora 33 : tpm2-tss (2020-1d3fcce2a3)
tpm2-tss 3.0.1 changed or fixed: Fix CVE-2020-24455 (FAPI PolicyPCR not instantiating correctly). Note that all TPM objects created with a PolicyPCR with the currentPcrs and currentPcrsAndBank options have been created with an incorrect policy that omits PCR checks. All these objects have to be...