Vulnerabilities > Swtpm Project

DATE CVE VULNERABILITY TITLE RISK
2023-11-03 CVE-2020-28407 Link Following vulnerability in Swtpm Project Swtpm
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
local
low complexity
swtpm-project CWE-59
7.1
2022-02-18 CVE-2022-23645 Out-of-bounds Read vulnerability in multiple products
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface.
local
low complexity
swtpm-project redhat fedoraproject CWE-125
5.5