Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
trusted platform module vulnerabilities and exploits
(subscribe to this query)
321
VMScore
CVE-2018-6622
An issue exists that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 s...
Trustedcomputinggroup Trusted Platform Module 2.0
3 Github repositories
320
VMScore
CVE-2020-26933
Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 up to and including 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in su...
Trustedcomputinggroup Trusted Platform Module 2.0
383
VMScore
CVE-2019-11090
Cryptographic timing conditions in the subsystem for Intel(R) PTT prior to 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS prior to SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.08...
Intel Platform Trust Technology Firmware
Intel Server Platform Services Firmware
Intel Trusted Execution Engine Firmware
1 Github repository
1 Article
409
VMScore
CVE-2017-16837
Certain function pointers in Trusted Boot (tboot) up to and including 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.
Trusted Boot Project Trusted Boot 1.9.6
NA
CVE-2023-1017
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashin...
Trustedcomputinggroup Trusted Platform Module 2.0
Microsoft Windows 10 1809
Microsoft Windows 10 20h2
Microsoft Windows 11 21h2
Microsoft Windows 10 21h2
Microsoft Windows 10 22h2
Microsoft Windows 10 1607
Microsoft Windows 10 1507
Microsoft Windows Server 2016
Microsoft Windows 11 22h2
Microsoft Windows Server 2019
Microsoft Windows Server 2022
2 Github repositories
1 Article
NA
CVE-2023-1018
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the ...
Trustedcomputinggroup Trusted Platform Module 2.0
Microsoft Windows 10 1809
Microsoft Windows 10 20h2
Microsoft Windows 11 21h2
Microsoft Windows 10 21h2
Microsoft Windows 10 22h2
Microsoft Windows 10 1607
Microsoft Windows 10 1507
Microsoft Windows Server 2016
Microsoft Windows 11 22h2
Microsoft Windows Server 2019
Microsoft Windows Server 2022
2 Github repositories
1 Article
383
VMScore
CVE-2019-16863
STMicroelectronics ST33TPHF2ESPI TPM devices prior to 2019-09-12 allow malicious users to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
St St33tphf2espi Firmware 71.0
St St33tphf2espi Firmware 71.4
St St33tphf2espi Firmware 71.12
St St33tphf2espi Firmware 73.0
St St33tphf2espi Firmware 73.4
St St33tphf2espi Firmware 73.8
St St33tphf2ei2c Firmware 73.5
St St33tphf2ei2c Firmware 73.9
St St33tphf20spi Firmware 74.0
St St33tphf20spi Firmware 74.4
St St33tphf20spi Firmware 74.8
St St33tphf20spi Firmware 74.16
St St33tphf20i2c Firmware 74.5
St St33tphf20i2c Firmware 74.9
1 Github repository
1 Article
NA
CVE-2023-36717
Windows Virtual Trusted Platform Module Denial of Service Vulnerability
Microsoft Windows Server 2016 -
Microsoft Windows Server 2019 -
Microsoft Windows Server 2022 -
Microsoft Windows 10 1507
Microsoft Windows 10 1809
Microsoft Windows 11 21h2
Microsoft Windows 11 22h2
Microsoft Windows 10 1607
Microsoft Windows 10 21h2
Microsoft Windows 10 22h2
NA
CVE-2023-36718
Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability
Microsoft Windows Server 2016 -
Microsoft Windows Server 2019 -
Microsoft Windows Server 2022 -
Microsoft Windows 10 1507
Microsoft Windows 10 1809
Microsoft Windows 11 21h2
Microsoft Windows 11 22h2
Microsoft Windows 10 1607
Microsoft Windows 10 21h2
Microsoft Windows 10 22h2
694
VMScore
CVE-2019-9517
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually writ...
Apple Swiftnio
Apache Traffic Server
Apache Http Server
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Synology Skynas -
Synology Diskstation Manager 6.2
Synology Vs960hd Firmware -
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.0
Opensuse Leap 15.1
Redhat Software Collections 1.0
Redhat Jboss Core Services 1.0
Redhat Enterprise Linux 8.0
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Quay 3.0.0
Redhat Openshift Service Mesh 1.0
Redhat Jboss Enterprise Application Platform 7.3.0
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »