Vulmon
trusted platform module vulnerabilities and exploits
1.9
CVSSv2
CVE-2020-25082
An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x prior to 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.
Nuvoton Npct75x Firmware
1.9
CVSSv2
CVE-2022-26355
Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider ...
Citrix Federated Authentication Service
2.1
CVSSv2
CVE-2020-5851
On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE: This vulnerability does not affect any of the BIG-IP m...
F5 Big-ip Local Traffic Manager 14.1.0.2.0.45.4
F5 Big-ip Local Traffic Manager 14.1.0.2.0.62.4
F5 Big-ip Advanced Firewall Manager 14.1.0.2.0.45.4
F5 Big-ip Advanced Firewall Manager 14.1.0.2.0.62.4
F5 Big-ip Application Acceleration Manager 14.1.0.2.0.45.4
F5 Big-ip Application Acceleration Manager 14.1.0.2.0.62.4
F5 Big-ip Analytics 14.1.0.2.0.45.4
F5 Big-ip Analytics 14.1.0.2.0.62.4
F5 Big-ip Access Policy Manager 14.1.0.2.0.45.4
F5 Big-ip Access Policy Manager 14.1.0.2.0.62.4
F5 Big-ip Application Security Manager 14.1.0.2.0.45.4
F5 Big-ip Application Security Manager 14.1.0.2.0.62.4
F5 Big-ip Edge Gateway 14.1.0.2.0.45.4
F5 Big-ip Edge Gateway 14.1.0.2.0.62.4
F5 Big-ip Fraud Protection Service 14.1.0.2.0.45.4
F5 Big-ip Fraud Protection Service 14.1.0.2.0.62.4
F5 Big-ip Global Traffic Manager 14.1.0.2.0.45.4
F5 Big-ip Global Traffic Manager 14.1.0.2.0.62.4
F5 Big-ip Link Controller 14.1.0.2.0.45.4
F5 Big-ip Link Controller 14.1.0.2.0.62.4
F5 Big-ip Policy Enforcement Manager 14.1.0.2.0.45.4
F5 Big-ip Policy Enforcement Manager 14.1.0.2.0.62.4
4.3
CVSSv2
CVE-2017-15361
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions prior to 0000000000000422 - 4.34, prior to 000000000000062b - 6.43, and prior to 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for malicious us...
Infineon Trusted Platform Firmware 6.40
Infineon Trusted Platform Firmware 133.32
Infineon Trusted Platform Firmware 4.31
Infineon Trusted Platform Firmware 4.32
Infineon Rsa Library
13 Github repositories
2 Articles
NA
CVE-2023-22745
tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array ...
Tpm2 Software Stack Project Tpm2 Software Stack
2.1
CVSSv2
CVE-2017-10606
Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow a malicious user to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encryp...
Juniper Trusted Platform Module Firmware 4.40
2.1
CVSSv2
CVE-2019-1589
A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affe...
Cisco Nx-os 8.3(0)sk(0.39)
9.3
CVSSv2
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0
Apache Log4j
Siemens Sppa-t3000 Ses3000 Firmware
Siemens Logo! Soft Comfort
Siemens Spectrum Power 4 4.70
Siemens Spectrum Power 4
Siemens Siveillance Control Pro
Siemens Energyip Prepay 3.7
Siemens Energyip Prepay 3.8
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Siveillance Command
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Siemens Head-end System Universal Device Integration System
Siemens Gma-manager
Siemens Energyip 8.5
Siemens Energyip 8.6
Siemens Energyip 8.7
Siemens Energyip 9.0
Siemens Energy Engage 3.1
Siemens E-car Operation Center
2 Metasploit modules
1155 Github repositories
28 Articles
5
CVSSv2
CVE-2019-9636
Python 2.7.x up to and including 2.7.16 and 3.x up to and including 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given ...
Python Python
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux 7.5
Redhat Enterprise Linux Server Tus 7.4
Redhat Enterprise Linux Eus 7.5
1 Article
4.9
CVSSv2
CVE-2021-4203
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak internal kernel information.
Linux Linux Kernel 5.15
Linux Linux Kernel
Netapp Element Software -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp E-series Santricity Os Controller
Netapp Bootstrap Os -
Netapp A700s Firmware -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
Oracle Communications Cloud Native Core Binding Support Function 22.1.3
Oracle Communications Cloud Native Core Policy 22.2.0
Oracle Communications Cloud Native Core Network Exposure Function 22.1.1