Lucene search
+L

519 matches found

Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.19 views

PT-2026-40966

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...

3.8CVSS5.8AI score0.00117EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Nuvoton NPCT7xx 安全漏洞

Nuvoton NPCT7xx is a series of TPM security controllers developed by Nuvoton Corporation in Taiwan, China, aimed at trusted computing and platform security management. Nuvoton NPCT7xx has security vulnerabilities, which stem from side-channel attacks and may lead to the extraction of elliptic cur...

3.8CVSS5.8AI score0.00117EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 2:42 p.m.11 views

EUVD-2026-27657

Keylime has a hardcoded attestation challenge nonce that allows replay attacks...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References4
OSV
OSV
added 2026/05/06 12:30 p.m.7 views

GHSA-WC6P-4GWJ-JCR8 Duplicate Advisory: Keylime has a hardcoded attestation challenge nonce that allows replay attacks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-q8w6-w55c-ccv5. This link is maintained to preserve external references. Original Description A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent...

6.3CVSS5.7AI score0.00121EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/06 12:30 p.m.13 views

Duplicate Advisory: Keylime has a hardcoded attestation challenge nonce that allows replay attacks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-q8w6-w55c-ccv5. This link is maintained to preserve external references. Original Description A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent...

6.3CVSS5.7AI score0.00121EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/06 12:26 p.m.16 views

Use of Predictable Algorithm in Random Number Generator

Overview keylime is a TPM-based key bootstrapping and system integrity measurement system for cloud Affected versions of this package are vulnerable to Use of Predictable Algorithm in Random Number Generator in the generatechallenge method. An attacker can evade detection and bypass security...

8.3CVSS5.8AI score0.00121EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 11:16 a.m.11 views

CVE-2026-6420

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module TPM quote attestation instead of a...

6.3CVSS0.00121EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/06 10:19 a.m.37 views

CVE-2026-6420 Keylime: keylime: security bypass due to hardcoded tpm quote nonce

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module TPM quote attestation instead of a...

6.3CVSS0.00121EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/06 10:19 a.m.7 views

CVE-2026-6420 Keylime: keylime: security bypass due to hardcoded tpm quote nonce

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module TPM quote attestation instead of a...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/06 10:19 a.m.7 views

CVE-2026-6420

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module TPM quote attestation instead of a...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References3
CVE
CVE
added 2026/05/06 10:19 a.m.32 views

CVE-2026-6420

CVE-2026-6420 affects Keylime: a flaw in the verifier uses a hardcoded TPM quote nonce instead of a cryptographically random value. An attacker with root on an enrolled monitored machine where the Keylime agent runs can stockpile valid TPM quotes and replay them to evade detection after compromis...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/06 10:13 a.m.15 views

CVE-2026-6420

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module TPM quote attestation instead of a...

6.3CVSS5.7AI score0.00121EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.15 views

PT-2026-37443

Name of the Vulnerable Software and Affected Versions Keylime affected versions not specified Description A flaw in the Keylime verifier allows an attacker with root access on an enrolled monitored machine to bypass security. The verifier uses a hardcoded challenge nonce for Trusted Platform Modu...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References21
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

Keylime 安全漏洞

Keylime is an open-source scalable trust system developed using TPM technology. Keylime has a security vulnerability, which stems from the verifier using hardcoded challenge random numbers for TPM reference proofs instead of encrypted random values. This allows attackers to accumulate valid TPM...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.6 views

Ubuntu Pro Realtime 24.04 LTS : Linux kernel (Raspberry Pi Real-time) vulnerabilities (USN-8204-1)

"The remote Ubuntu Pro Realtime 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8204-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly...

9.8CVSS5.9AI score0.00385EPSS
Exploits0References176
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013593)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013593 advisory. In the Linux kernel, the following vulnerability has been resolved: tpm: tpmtis: Add the missed acpiputtable to fix memory leak In checkacpitpm2, we get the TPM2 tab...

5.8AI score0.00216EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.6 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010949)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010949 advisory. In the Linux kernel, the following vulnerability has been resolved: tpm: tpmtis: Add the missed acpiputtable to fix memory leak In checkacpitpm2, we get the TPM2 tab...

5.8AI score0.00216EPSS
Exploits0References4
ICS
ICS
added 2026/04/14 12:0 a.m.10 views

Siemens TPM 2.0

SUMMARY The products listed below contain a vulnerability that could allow an attacker to perform an out-of-bound read, potentially leading to information disclosure or denial of service of the TPM. Siemens has released new versions for several affected products and recommends to update to the...

6.6CVSS7.4AI score0.00199EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/04/13 5:35 p.m.5 views

CVE-2026-40097

A flaw was found in Step CA, an online certificate authority. A remote attacker can trigger a Denial of Service DoS by sending a specially crafted attestation key AK certificate with an empty Extended Key Usage EKU extension during Trusted Platform Module TPM device attestation. This causes an...

3.7CVSS5.7AI score0.00181EPSS
Exploits0References2
OSV
OSV
added 2026/04/10 8:18 p.m.19 views

GHSA-9QQ8-CGCV-QMC9 Step CA affected by an index out of bounds panic in TPM attestation EKU validation

Summary An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension during TPM device attestation. Details When processing a device-attest-01 ACME challenge using TPM attestation, Step CA...

3.7CVSS5.9AI score0.00181EPSS
Exploits0References6
Rows per page
Query Builder