Vulnerability Name:

CVE-2020-28407

Assigned:2020-11-10
Published:2020-11-10
Updated:2024-06-01
Summary:In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
CVSS v3 Severity:
CVSS v2 Severity:
References:Source: MITRE
Type: CNA
CVE-2020-28407

Oval Definitions
Definition IDClassTitleLast Modified
oval:org.opensuse.security:def:630
P
Security update for exiv2 (Important) (in QA)
2022-09-29
oval:org.opensuse.security:def:3530
P
jakarta-taglibs-standard-1.1.1-255.2 on GA media (Moderate)
2022-06-28
oval:org.opensuse.security:def:95160
P
swtpm-0.5.3-150300.3.3.1 on GA media (Moderate)
2022-06-22
oval:org.opensuse.security:def:366
P
swtpm-0.5.3-150300.3.3.1 on GA media (Moderate)
2022-06-10
oval:org.opensuse.security:def:113471
P
swtpm-0.6.1-1.1 on GA media (Moderate)
2022-01-17
oval:org.opensuse.security:def:106868
P
swtpm-0.6.1-1.1 on GA media (Moderate)
2021-10-01
oval:org.opensuse.security:def:101406
P
swtpm-0.5.2-1.20 on GA media (Moderate)
2021-08-10
oval:org.opensuse.security:def:2291
P
swtpm-0.5.2-1.20 on GA media (Moderate)
2021-08-10
oval:org.opensuse.security:def:63380
P
swtpm-0.5.2-1.20 on GA media (Moderate)
2021-08-10
BACK