Vulnerabilities > Yubico

| Date | CVE | Vulnerability title | Description | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|
| 2022-05-11 | CVE-2022-24584 | Incorrect Authorization vulnerability in Yubico OTP | ** DISPUTED ** Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. | yubico | CWE-863 | network, low complexity, 4.0 |
| 2022-03-30 | CVE-2015-3298 | Improper Verification of Cryptographic Signature vulnerability in Yubico Ykneo-Openpgp | Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. | yubico | CWE-347 | low complexity, 5.8 |
| 2021-12-08 | CVE-2021-43399 | Out-of-bounds Write vulnerability in Yubico Yubihsm 2 Software Development KIT | The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device. | yubico | CWE-787 | network, low complexity, 7.8 |
| 2021-05-26 | CVE-2021-31924 | | Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. | yubico, fedoraproject | | local, low complexity, 4.6 |
| 2021-05-10 | CVE-2021-32489 | Integer Overflow or Wraparound vulnerability in Yubico Yubihsm-Shell | An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. | yubico | CWE-190 | network, 3.5 |
| 2021-04-14 | CVE-2021-28484 | Infinite Loop vulnerability in multiple products | An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). | yubico, fedoraproject | CWE-835 | network, low complexity, 5.0 |
| 2021-03-04 | CVE-2021-27217 | Out-of-bounds Read vulnerability in Yubico Yubihsm-Shell | An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. | yubico | CWE-125 | network, 3.5 |
| 2021-01-07 | CVE-2021-3011 | Information Exposure Through Discrepancy vulnerability in multiple products | An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. | | | 1.9 |
| 2020-10-19 | CVE-2020-24388 | Improper Input Validation vulnerability in multiple products | An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. | yubico, fedoraproject | CWE-20 | network, low complexity, 5.0 |
| 2020-10-19 | CVE-2020-24387 | Insufficient Session Expiration vulnerability in multiple products | An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. | yubico, fedoraproject | CWE-613 | network, low complexity, 5.0 |