MiracleLinux 9 : tpm2-tools-5.2-4.el9 (AXSA:2024-9175:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-9175:01 advisory. tpm2-tools: arbitrary quote data may go undetected by tpm2checkquote CVE-2024-29038 tpm2-tools: pcr selection value is not compared with the attest...

EUVD-2024-49935

Malicious code in bioql PyPI...

CVE-2024-9430

The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the cttepfwwploaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attacke...

tpm2-tools: arbitrary quote data may go undetected by tpm2_checkquote

A flaw was found in the tpm2-tools package. This issue occurs due to a missing check whether the magic number in attest is equal to TPM2GENERATEDVALUE, which can allow an attacker to generate arbitrary quote data that may not be detected by tpm2checkquote...

OESA-2024-2081 tpm2-tools security update

The package contains the code for the TPM Trusted Platform Module 2.0 tools based on tpm2-tss. Security Fixes: tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This...

Huawei EulerOS: Security Advisory for tpm2-tss (EulerOS-SA-2024-2151)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.0 : tpm2-tss (EulerOS-SA-2024-2131)

According to the versions of the tpm2-tss package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the...

EulerOS Virtualization 2.10.1 : tpm2-tss (EulerOS-SA-2024-2151)

According to the versions of the tpm2-tss package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the...

Medium: tpm2-tools

Issue Overview: tpm2-tools: arbitrary quote data may go undetected by tpm2checkquote CVE-2024-29038 tpm2-tools: pcr selection value is not compared with the attest CVE-2024-29039 Affected Packages: tpm2-tools Issue Correction: Run dnf update tpm2-tools --releasever 2023.5.20240805 or dnf update...

Amazon Linux 2023 : tpm2-tools (ALAS2023-2024-693)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-693 advisory. tpm2-tools: arbitrary quote data may go undetected by tpm2checkquote CVE-2024-29038 tpm2-tools: pcr selection value is not compared with the attest CVE-2024-29039 Tenable has extracted the...

EulerOS 2.0 SP9 : tpm2-tss (EulerOS-SA-2024-1976)

According to the versions of the tpm2-tss package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2GENERATEDVALUE...

EulerOS 2.0 SP10 : tpm2-tss (EulerOS-SA-2024-1924)

According to the versions of the tpm2-tss package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2GENERATEDVALUE...

AZL-43018 CVE-2024-29038 affecting package tpm2-tools for versions less than 4.3.2-2

tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...

CVE-2024-29038

tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...

DEBIAN-CVE-2024-29038

tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...

UBUNTU-CVE-2024-29038

tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...

CVE-2024-29038

tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...

CVE-2024-29038 tpm2 does not detect if quote was not generated by TPM

tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...

CVE-2024-29038

The CVE-2024-29038 issue affects tpm2-tools (TPM2.0 tools). Affected component: quote data generation and verification logic in tpm2-tools; root cause: an attacker could generate arbitrary quote data that is not detected by tpm2_checkquote. Impact: attacker-controlled quotes could bypass detectio...

CVE-2024-29038

tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version 5.7...