Lucene search
K

106 matches found

OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.23 views

Mageia: Security Advisory (MGASA-2021-0590)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS6.3AI score0.00894EPSS
Exploits1References11
OSV
OSV
added 2021/12/30 4:41 p.m.17 views

MGASA-2021-0590 Updated libtpms/swtpm packages fix security vulnerability

CryptSym: fix AES output IV CVE-2021-3505. Fixed a context save and suspend/resume problem when public keys are loaded. Reset too large size indicators in TPM2B to avoid access beyond buffer CVE-2021-3623 Restore original value in buffer if unmarshalled one was illegal Fixed out-of-bounds access...

7.1CVSS5.9AI score0.00894EPSS
Exploits1References10
Veracode
Veracode
added 2021/06/04 5:8 a.m.23 views

Denial Of Service (DoS)

libtpms.so is vulnerable to denial of service. Decrypting data using RSA causes a SIGBUS bad memory access and termination of swtpm in CryptRsaDecrypt in src/tpm2/crypto/openssl/CryptRsa.c...

5.5CVSS4.2AI score0.00259EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2021/06/04 12:0 a.m.22 views

libtpms stack corruption vulnerability

libtpms is an application. Library that provides software emulation of trusted platform modules TPM 1.2 and TPM 2.0. libtpms has a security vulnerability that stems from a stack corruption bug that could lead to SIGBUS bad memory access and termination of swtpm. No detailed vulnerability details...

5.5CVSS1.9AI score0.00259EPSS
Exploits0References1
OSV
OSV
added 2021/06/03 12:15 p.m.3 views

DEBIAN-CVE-2021-3569

A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS bad memory access and termination of swtpm. The highest threat from this vulnerability is to system availability...

5.5CVSS5.9AI score0.00259EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/06/03 12:15 p.m.3 views

CVE-2021-3569

A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS bad memory access and termination of swtpm. The highest threat from this vulnerability is to system availability...

5.5CVSS5.5AI score0.00259EPSS
Exploits0References2
OSV
OSV
added 2021/06/03 12:15 p.m.5 views

UBUNTU-CVE-2021-3569

A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS bad memory access and termination of swtpm. The highest threat from this vulnerability is to system availability...

5.5CVSS6.2AI score0.00259EPSS
Exploits0References4
CVE
CVE
added 2021/06/03 11:5 a.m.92 views

CVE-2021-3569

CVE-2021-3569 describes a stack corruption bug in libtpms that occurs when decrypting data using RSA. Affected versions are before 0.7.2 and before 0.8.0, and the flaw can cause a SIGBUS (bad memory access) and termination of swtpm, with the highest impact on availability. The connected sources c...

5.5CVSS5.4AI score0.00259EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/06/03 11:5 a.m.32 views

CVE-2021-3569

A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS bad memory access and termination of swtpm. The highest threat from this vulnerability is to system availability...

5.7AI score0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/06/03 12:0 a.m.5 views

libtpms 缓冲区错误漏洞

libtpms is an application. Library that provides software emulation of trusted platform modules TPM 1.2 and TPM 2.0. libtpms has a security vulnerability that stems from a stack corruption bug that could lead to SIGBUS bad memory access and termination of swtpm. No detailed vulnerability details...

5.5CVSS5.6AI score0.00259EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2021/05/25 2:57 p.m.48 views

CVE-2020-28407

A flaw was found in swtpm. This flaw allows an attacker to create a symbolic link with the name of the temporary file TMP2-00.permall for TPM 2 and have this point to a valuable file, which will get overwritten by swtpm. The success of the attack depends on the attacker having access to the TPM's...

7.3CVSS2.1AI score0.00279EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/11/30 12:0 a.m.15 views

Fedora 32 : swtpm (2020-c707fcb91f)

Another build of v0.5.1 after more fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/11/30 12:0 a.m.15 views

Fedora 33 : swtpm (2020-00d28cf56b)

Another build of v0.5.1 after more fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...

5.5AI score
Exploits0References1
Fedora
Fedora
added 2020/11/27 1:23 a.m.38 views

[SECURITY] Fedora 33 Update: swtpm-0.5.1-2.20201117git96f5a04.fc33

TPM emulator built on libtpms providing TPM functionality for QEMU VMs...

8.2CVSS1.9AI score0.01282EPSS
Exploits0
Fedora
Fedora
added 2020/11/27 1:12 a.m.33 views

[SECURITY] Fedora 32 Update: swtpm-0.5.1-2.20201117git96f5a04.fc32

TPM emulator built on libtpms providing TPM functionality for QEMU VMs...

8.2CVSS1.9AI score0.01282EPSS
Exploits0
CNNVD
CNNVD
added 2020/11/27 12:0 a.m.7 views

Stefanberger Swtpm Security Vulnerabilities

Stefanberger Swtpm is a Libtpms-based software emulator from the individual developer Stefanberger. The software supports features such as sockets, character devices and the Linux CUSE interface. A security vulnerability exists in Stefanberger Swtpm versions prior to 0.5.1, which stems from a...

7.1CVSS7.1AI score0.00279EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2020/11/27 12:0 a.m.15 views

Fedora: Security Advisory for swtpm (FEDORA-2020-c707fcb91f)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.1CVSS7.1AI score0.00279EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/11/27 12:0 a.m.12 views

Fedora: Security Advisory for swtpm (FEDORA-2020-00d28cf56b)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.1CVSS7.1AI score0.00279EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2020/11/19 12:0 a.m.133 views

[ASA-202011-21] swtpm: privilege escalation

Arch Linux Security Advisory ASA-202011-21 ========================================== Severity: Medium Date : 2020-11-19 CVE-ID : CVE-2020-28407 Package : swtpm Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1282 Summary ======= The package swtpm before version...

7.1CVSS1.1AI score0.00279EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2020/09/26 12:0 a.m.5 views

Fedora: Security Advisory for swtpm (FEDORA-2020-561c908a9a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Rows per page
Query Builder