Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

OSV
OSVadded 2026/01/15 9:23 a.m.2 views

SUSE-SU-2026:20357-1 Security update for elemental-toolkit, elemental-operator

This update for elemental-toolkit, elemental-operator fixes the following issues: elemental-operator: - Update to v1.7.4: Bump github.com/rancher-sandbox/go-tpm and its dependencies This bump includes few CVE fixes: bsc1241826 CVE-2025-22872 bsc1241857 CVE-2025-22872 bsc1251511 CVE-2025-47911...

7.5CVSS6.8AI score0.00046EPSS
Exploits2References14
Github Security Blog
Github Security Blogadded 2022/02/11 11:18 p.m.42 views

TPM 1.2 key authorization values vulnerable to TPM transport eavesdropper in go-tpm

Impact TPM 2.0 users are unaffected by this issue. An adversary eavesdropping on the TPM 1.2 transport path can calculate usageAuth for a key created with CreateWrapKey, even though this value is encrypted as part of the TPM 1.2 command protocol. The TPM 1.2 CreateWrapKey command accepts two...

7.1CVSS6.7AI score0.00017EPSS
Exploits1References6Affected Software1
Veracode
Veracodeadded 2020/08/12 6:4 a.m.19 views

Information Disclosure

github.com/google/go-tpm is vulnerable to information disclosure. An attacker is able to discover the encUsageAuth and encMigrationAuth values and calculateusageAuth ^ encMigrationAuth since the migrationAuth can be guessed for all keys created with CreateWrapKey, and subsequently discover the au...

7.1CVSS2AI score0.00017EPSS
Exploits1References2Affected Software1
NVD
NVDadded 2020/08/11 7:15 p.m.11 views

CVE-2020-8918

An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect both 'encUsageAuth' and...

7.1CVSS6.4AI score0.00017EPSS
Exploits1References1
CVE
CVEadded 2020/08/11 6:35 p.m.48 views

CVE-2020-8918

The CVE-2020-8918 issue affects Google's go-tpm TPM1.2 library prior to 0.3.0, where a bug initializes migrationAuth, allowing a local attacker eavesdropping on TPM1.2 transport to compute usageAuth for keys created with CreateWrapKey by XOR’ing encUsageAuth and encMigrationAuth. TPM2.0 is not af...

7.1CVSS6.3AI score0.00017EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2020/08/11 6:35 p.m.14 views

CVE-2020-8918 TPM 1.2 key authorization values are vulnerable to a TPM transport eavesdropper

An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect both 'encUsageAuth' and...

6.3CVSS6.8AI score0.00017EPSS
Exploits1References1
Rows per page
Query Builder