83 matches found
EUVD-2025-17717
Malicious code in bioql PyPI...
CVE-2025-2884
TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0...
CVE-2025-2884
TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0...
CVE-2025-2884
TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0...
CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0...
CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0...
TPM Reference Implementation
CVE Details assigned by the TCG Refer to Glossary for explanation of terms CVE| CVSS Score| CVE Description ---|---|--- CVE-2025-2884| 6.6 Medium CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H| An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a read past the end of a...
PT-2025-24896
Name of the Vulnerable Software and Affected Versions TCG TPM2.0 versions affected versions not specified AMD Ryzen processors versions not specified Description The TCG TPM2.0 reference implementation's CryptHmacSign function contains a flaw due to a lack of validation between the signature sche...
Alibaba Cloud Linux 3 : 0082: virt:rhel and virt-devel:rhel (ALINUX3-SA-2023:0082)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0082 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-46790: ntfsck in NTFS-3G through...
Security update for tpm2.0-tools, tpm2-0-tss
This update for tpm2.0-tools, tpm2-0-tss fixes the following issues: tpm2-0-tss: Update to version 4.1: + Security - CVE-2024-29040: arbitrary quote data may go undetected by FapiVerifyQuote bsc1223690 Fixed fapi: Fix length check on FAPI auth callbacks mu: Correct error message for errors...
Linux Distros Unpatched Vulnerability : CVE-2023-1017
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the...
Linux Distros Unpatched Vulnerability : CVE-2023-1018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption...
CBL Mariner 2.0 Security Update: tpm2-tools (CVE-2024-29038)
The version of tpm2-tools installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-29038 advisory. - tpm2-tools is the source repository for the Trusted Platform Module TPM2.0 tools. A malicious attacker c...
CBL Mariner 2.0 Security Update: tpm2-tools (CVE-2024-29039)
The version of tpm2-tools installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-29039 advisory. - tpm2 is the source repository for the Trusted Platform Module TPM2.0 tools. This vulnerability allows...
ROS-20240708-02
A vulnerability in the TPMLPCRSELECTION functions of the source repository for Trusted Platform Module tools TPM2.0 is related to improper mapping of PCR slots, providing a misleading TPM state. Exploitation of the vulnerability could allow an attacker acting remotely to manipulate output data...
CVE-2024-29039
tpm2 is the source repository for the Trusted Platform Module TPM2.0 tools. This vulnerability allows attackers to manipulate tpm2checkquote outputs by altering the TPMLPCRSELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...
CVE-2024-29039 Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state
tpm2 is the source repository for the Trusted Platform Module TPM2.0 tools. This vulnerability allows attackers to manipulate tpm2checkquote outputs by altering the TPMLPCRSELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...
CVE-2024-29039
tpm2 is the source repository for the Trusted Platform Module TPM2.0 tools. This vulnerability allows attackers to manipulate tpm2checkquote outputs by altering the TPMLPCRSELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...
CVE-2024-29038
The CVE-2024-29038 issue affects tpm2-tools (TPM2.0 tools). Affected component: quote data generation and verification logic in tpm2-tools; root cause: an attacker could generate arbitrary quote data that is not detected by tpm2_checkquote. Impact: attacker-controlled quotes could bypass detectio...
OPENSUSE-SU-2024:11471-1 tpm2.0-tools-5.1.1-3.2 on GA media
These are all security issues fixed in the tpm2.0-tools-5.1.1-3.2 package on the GA media of openSUSE Tumbleweed...