trusted platform module vulnerabilities and exploits
169
VMScore
CVE-2020-25082
An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x prior to 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.
Nuvoton Npct75x Firmware
169
VMScore
CVE-2022-26355
Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider ...
Citrix Federated Authentication Service
187
VMScore
CVE-2020-5851
On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE: This vulnerability does not affect any of the BIG-IP m...
F5 Big-ip Local Traffic Manager 14.1.0.2.0.45.4
F5 Big-ip Local Traffic Manager 14.1.0.2.0.62.4
F5 Big-ip Advanced Firewall Manager 14.1.0.2.0.45.4
F5 Big-ip Advanced Firewall Manager 14.1.0.2.0.62.4
F5 Big-ip Application Acceleration Manager 14.1.0.2.0.45.4
F5 Big-ip Application Acceleration Manager 14.1.0.2.0.62.4
F5 Big-ip Analytics 14.1.0.2.0.45.4
F5 Big-ip Analytics 14.1.0.2.0.62.4
F5 Big-ip Access Policy Manager 14.1.0.2.0.45.4
F5 Big-ip Access Policy Manager 14.1.0.2.0.62.4
F5 Big-ip Application Security Manager 14.1.0.2.0.45.4
F5 Big-ip Application Security Manager 14.1.0.2.0.62.4
F5 Big-ip Edge Gateway 14.1.0.2.0.45.4
F5 Big-ip Edge Gateway 14.1.0.2.0.62.4
F5 Big-ip Fraud Protection Service 14.1.0.2.0.45.4
F5 Big-ip Fraud Protection Service 14.1.0.2.0.62.4
F5 Big-ip Global Traffic Manager 14.1.0.2.0.45.4
F5 Big-ip Global Traffic Manager 14.1.0.2.0.62.4
F5 Big-ip Link Controller 14.1.0.2.0.45.4
F5 Big-ip Link Controller 14.1.0.2.0.62.4
F5 Big-ip Policy Enforcement Manager 14.1.0.2.0.45.4
F5 Big-ip Policy Enforcement Manager 14.1.0.2.0.62.4
387
VMScore
CVE-2017-15361
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions prior to 0000000000000422 - 4.34, prior to 000000000000062b - 6.43, and prior to 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for malicious us...
Infineon Trusted Platform Firmware 6.40
Infineon Trusted Platform Firmware 133.32
Infineon Trusted Platform Firmware 4.31
Infineon Trusted Platform Firmware 4.32
Infineon Rsa Library
13 Github repositories
2 Articles
NA
CVE-2023-22745
tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array ...
Tpm2 Software Stack Project Tpm2 Software Stack
187
VMScore
CVE-2017-10606
Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow a malicious user to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encryp...
Juniper Trusted Platform Module Firmware 4.40
187
VMScore
CVE-2019-1589
A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affe...
Cisco Nx-os 8.3(0)sk(0.39)
1000
VMScore
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0
Apache Log4j
Siemens Sppa-t3000 Ses3000 Firmware
Siemens Logo! Soft Comfort
Siemens Spectrum Power 4 4.70
Siemens Spectrum Power 4
Siemens Siveillance Control Pro
Siemens Energyip Prepay 3.7
Siemens Energyip Prepay 3.8
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Siveillance Command
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Siemens Head-end System Universal Device Integration System
Siemens Gma-manager
Siemens Energyip 8.5
Siemens Energyip 8.6
Siemens Energyip 8.7
Siemens Energyip 9.0
Siemens Energy Engage 3.1
Siemens E-car Operation Center
2 Metasploit modules
1162 Github repositories
28 Articles
445
VMScore
CVE-2019-9636
Python 2.7.x up to and including 2.7.16 and 3.x up to and including 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given ...
Python Python
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux 7.5
Redhat Enterprise Linux Server Tus 7.4
Redhat Enterprise Linux Eus 7.5
1 Article
436
VMScore
CVE-2021-4203
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak internal kernel information.
Linux Linux Kernel 5.15
Linux Linux Kernel
Netapp Element Software -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp E-series Santricity Os Controller
Netapp Bootstrap Os -
Netapp A700s Firmware -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
Oracle Communications Cloud Native Core Binding Support Function 22.1.3
Oracle Communications Cloud Native Core Policy 22.2.0
Oracle Communications Cloud Native Core Network Exposure Function 22.1.1