Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
trusted platform module vulnerabilities and exploits
(subscribe to this query)
6
CVSSv3
CVE-2020-26933
Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 up to and including 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in su...
Trustedcomputinggroup Trusted Platform Module 2.0
7.1
CVSSv3
CVE-2018-6622
An issue exists that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 s...
Trustedcomputinggroup Trusted Platform Module 2.0
3 Github repositories
5.9
CVSSv3
CVE-2019-11090
Cryptographic timing conditions in the subsystem for Intel(R) PTT prior to 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS prior to SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.08...
Intel Platform Trust Technology Firmware
Intel Server Platform Services Firmware
Intel Trusted Execution Engine Firmware
1 Github repository
1 Article
7.8
CVSSv3
CVE-2017-16837
Certain function pointers in Trusted Boot (tboot) up to and including 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.
Trusted Boot Project Trusted Boot 1.9.6
7.8
CVSSv3
CVE-2023-1017
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashin...
Trustedcomputinggroup Trusted Platform Module 2.0
Microsoft Windows 10 1809
Microsoft Windows 10 20h2
Microsoft Windows 11 21h2
Microsoft Windows 10 21h2
Microsoft Windows 10 22h2
Microsoft Windows 10 1607
Microsoft Windows 10 1507
Microsoft Windows Server 2016
Microsoft Windows 11 22h2
Microsoft Windows Server 2019
Microsoft Windows Server 2022
2 Github repositories
1 Article
5.5
CVSSv3
CVE-2023-1018
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the ...
Trustedcomputinggroup Trusted Platform Module 2.0
Microsoft Windows 10 1809
Microsoft Windows 10 20h2
Microsoft Windows 11 21h2
Microsoft Windows 10 21h2
Microsoft Windows 10 22h2
Microsoft Windows 10 1607
Microsoft Windows 10 1507
Microsoft Windows Server 2016
Microsoft Windows 11 22h2
Microsoft Windows Server 2019
Microsoft Windows Server 2022
2 Github repositories
1 Article
5.9
CVSSv3
CVE-2019-16863
STMicroelectronics ST33TPHF2ESPI TPM devices prior to 2019-09-12 allow malicious users to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
St St33tphf2espi Firmware 71.0
St St33tphf2espi Firmware 71.4
St St33tphf2espi Firmware 71.12
St St33tphf2espi Firmware 73.0
St St33tphf2espi Firmware 73.4
St St33tphf2espi Firmware 73.8
St St33tphf2ei2c Firmware 73.5
St St33tphf2ei2c Firmware 73.9
St St33tphf20spi Firmware 74.0
St St33tphf20spi Firmware 74.4
St St33tphf20spi Firmware 74.8
St St33tphf20spi Firmware 74.16
St St33tphf20i2c Firmware 74.5
St St33tphf20i2c Firmware 74.9
1 Github repository
1 Article
6.5
CVSSv3
CVE-2023-36717
Windows Virtual Trusted Platform Module Denial of Service Vulnerability
Microsoft Windows Server 2016 -
Microsoft Windows Server 2019 -
Microsoft Windows Server 2022 -
Microsoft Windows 10 1507
Microsoft Windows 10 1809
Microsoft Windows 11 21h2
Microsoft Windows 11 22h2
Microsoft Windows 10 1607
Microsoft Windows 10 21h2
Microsoft Windows 10 22h2
7.8
CVSSv3
CVE-2023-36718
Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability
Microsoft Windows Server 2016 -
Microsoft Windows Server 2019 -
Microsoft Windows Server 2022 -
Microsoft Windows 10 1507
Microsoft Windows 10 1809
Microsoft Windows 11 21h2
Microsoft Windows 11 22h2
Microsoft Windows 10 1607
Microsoft Windows 10 21h2
Microsoft Windows 10 22h2
7.5
CVSSv3
CVE-2019-9517
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually writ...
Apple Swiftnio
Apache Traffic Server
Apache Http Server
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Synology Skynas -
Synology Diskstation Manager 6.2
Synology Vs960hd Firmware -
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.0
Opensuse Leap 15.1
Redhat Software Collections 1.0
Redhat Jboss Core Services 1.0
Redhat Enterprise Linux 8.0
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Quay 3.0.0
Redhat Openshift Service Mesh 1.0
Redhat Jboss Enterprise Application Platform 7.3.0
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »