Vulnerabilities > Yubico
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-03 | CVE-2024-45678 | Information Exposure Through Discrepancy vulnerability in Yubico products Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. | 4.2 |
| 2023-08-14 | CVE-2023-39908 | Out-of-bounds Read vulnerability in Yubico Yubihsm 2 SDK The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. | 7.5 |
| 2022-05-11 | CVE-2022-24584 | Incorrect Authorization vulnerability in Yubico OTP Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. | 6.5 |
| 2022-03-30 | CVE-2015-3298 | Improper Verification of Cryptographic Signature vulnerability in Yubico Ykneo-Openpgp Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. | 5.8 |
| 2021-12-08 | CVE-2021-43399 | Out-of-bounds Write vulnerability in Yubico Yubihsm 2 Software Development KIT The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device. | 7.8 |
| 2021-05-26 | CVE-2021-31924 | Improper Authentication vulnerability in multiple products Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. | 6.8 |
| 2021-05-10 | CVE-2021-32489 | Integer Overflow or Wraparound vulnerability in Yubico Yubihsm-Shell An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. | 3.5 |
| 2021-04-14 | CVE-2021-28484 | Infinite Loop vulnerability in multiple products An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). | 7.5 |
| 2021-03-04 | CVE-2021-27217 | Out-of-bounds Read vulnerability in Yubico Yubihsm-Shell An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. | 3.5 |
| 2021-01-07 | CVE-2021-3011 | Always-Incorrect Control Flow Implementation vulnerability in multiple products An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. | 4.2 |