Vulnerabilities > Yubico
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-19 | CVE-2020-24388 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. | 7.5 |
| 2020-10-19 | CVE-2020-24387 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. | 7.5 |
| 2020-07-09 | CVE-2020-15001 | Information Exposure vulnerability in Yubico Yubikey 5 NFC Firmware An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. | 2.9 |
| 2020-07-09 | CVE-2020-15000 | Unspecified vulnerability in Yubico Yubikey 5 NFC Firmware A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. network yubico | 4.3 |
| 2020-07-09 | CVE-2020-13132 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Yubico products An issue was discovered in Yubico libykpiv before 2.1.0. | 2.1 |
| 2020-07-09 | CVE-2020-13131 | Out-of-bounds Read vulnerability in Yubico products An issue was discovered in Yubico libykpiv before 2.1.0. | 1.9 |
| 2020-03-05 | CVE-2020-10185 | Authentication Bypass by Capture-replay vulnerability in Yubico Yubikey ONE Time Password Validation Server The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. | 6.8 |
| 2020-03-05 | CVE-2020-10184 | SQL Injection vulnerability in Yubico Yubikey ONE Time Password Validation Server The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. | 5.0 |
| 2019-11-26 | CVE-2011-4120 | Improper Input Validation vulnerability in multiple products Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. | 7.5 |
| 2019-06-04 | CVE-2019-12210 | Unspecified vulnerability in Yubico Pam-U2F 1.0.7 In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. | 5.5 |