Azure Linux 3.0 Security Update: libtpms (CVE-2025-49133)

The version of libtpms installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49133 advisory. - Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qem...

MiracleLinux 4 : trousers-0.3.13-2.AXS4 (AXSA:2014-608:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-608:01 advisory. Description : TrouSerS is an implementation of the Trusted Computing Group's Software Stack TSS specification. You can use TrouSerS to write applications that...

CVE-2025-58770

CVE-2025-58770 concerns the AMI AptioV BIOS, where a local attacker can trigger improper handling of insufficient permissions to escalate privileges. The vulnerability affects the BIOS/firmware layer of AptioV implementations and may impact integrity, availability, and potentially lead to elevate...

EUVD-2018-18369

Malware in sbrugna...

EUVD-2024-26089

Malicious code in bioql PyPI...

EUVD-2023-26863

Malicious code in bioql PyPI...

EUVD-2025-24532

Malicious code in bioql PyPI...

CVE-2025-49133 Libtpms contains a possible out-of-bound access and abort due to HMAC signing issue

Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds OOB read vulnerability. The...

TCG TPM 安全漏洞

TCG TPM is a chip that is planted inside a computer to provide a trusted root for the computer, organized by Trusted Computing Group. A security vulnerability exists in version 2.0 of the TCG TPM, which stems from a CryptHmacSign helper function that does not validate the signing scheme and signi...

Linux Distros Unpatched Vulnerability : CVE-2024-29040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be...

Huawei EulerOS: Security Advisory for tpm2-tss (EulerOS-SA-2024-2229)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : tpm2-tss (EulerOS-SA-2024-2253)

According to the versions of the tpm2-tss package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuo...

EulerOS 2.0 SP11 : tpm2-tss (EulerOS-SA-2024-2096)

According to the versions of the tpm2-tss package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuo...

CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...

AZL-42985 CVE-2024-29040 affecting package tpm2-tss for versions less than 2.4.6-4

This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...

CVE-2024-29040 Fapi Verify Quote: Does not detect if quote was not generated by TPM

This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...

CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...

CVE-2024-29040 Fapi Verify Quote: Does not detect if quote was not generated by TPM

This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...

CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...

EDK2 Buffer Error Vulnerability

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 202311 and earlier versions, which stems from a buffer overflow vulnerability in the Tcg2MeasureGptTable function...