SUSE CVE-2023-43632
As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The communication with this server is done using...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013146)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013146 advisory. In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation. /dev/vtpmx is made visible before...
SUSE-SU-2026:21064-1 Security update for libtpms
This update for libtpms fixes the following issues: - CVE-2025-49133: out-of-bounds (OOB) access due to HMAC signing issue leads to abort and vTPM DoS (bsc#1244528)...
EUVD-2023-48032
EVE Freely Allocates Buffer on The Stack With Data From Socket...
CVE-2023-43632
As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The communication with this server is done using...
Linux Distros Unpatched Vulnerability : CVE-2023-54309
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation. /dev/vtpmx is made visible before 'workqueue' is initialized, which can lead to a memory corrupti...
CVE-2023-54309
In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation. /dev/vtpmx is made visible before 'workqueue' is initialized, which can lead to a memory corruption in the worst case scenario. Address this by initializing 'workqueu...
Fedora 42 : rust-az-cvm-vtpm / rust-az-snp-vtpm / rust-az-tdx-vtpm / etc (2025-2408b72979)
The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-2408b72979 advisory. Rebase trustee-guest-components to v0.13.0 Include rust-az-???-vtpm packages rebase to version 0.7.4 Adjust patches to work with 'sev' version 6...
Security Bulletin: This Power System update is being released to address CVE-2025-2884
Summary: The PowerVM Virtual Trusted Platform Module (vTPM) feature is impacted by the referenced vulnerability. Vulnerability Details: CVEID: CVE-2025-2884. DESCRIPTION: TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validatio...
CVE-2025-49133 Libtpms contains a possible out-of-bound access and abort due to HMAC signing issue
Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out-of-bounds (OOB) read vulnerability. The...
New machines with vTPM have the same thumbprint in vSphere
New machines have the same vTPM thumbprint as the master image in vSphere. This can be seen using PowerCLI and comparing the machines with the following command: Get-VTpm -vm | Get-VTpmCertificate...
Security Bulletin: This Power System update is being released to address CVE-2021-3505
Summary: A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with 1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate, which is called before the prime number check...
CVE-2021-46951
In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size. When tpm_read_log_efi is called multiple times, which happens when one loads and unloads a TPM2 driver multiple times, then the global variable efi_tpm_final_log_size will at...
GHSA-VPJR-H6FH-MW4P Duplicate Advisory: EVE Freely Allocates Buffer on The Stack With Data From Socket
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-phcg-h58r-gmcq. This link is maintained to preserve external references. Original Description: As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing...
Hardcoded credentials
As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The communication with this server is done using...
CVE-2023-43632
CVE-2023-43632 affects the EVE vTPM server (vtpm_server) listening on port 8877. The server reads a 4-byte header (uint32 size) and allocates a payload of that size on the stack, enabling a stack-based overflow with attacker-controlled data. Consequences listed: system crash or full control of vt...
CVE-2023-43632 Freely Allocate Buffer on The Stack With Data From Socket
As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The communication with this server is done using...
PT-2023-28888
Name of the Vulnerable Software and Affected Versions: EVE (affected versions not specified). Description: The issue concerns a server listening on port 8877 in EVE, exposing limited functionality of the TPM to clients. This server, known as VTPM, allows clients to execute tpm2-tools binaries from a...