Vulnerabilities > Yubico

DATE CVE VULNERABILITY TITLE RISK
2020-10-19 CVE-2020-24388 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2.
network
low complexity
yubico fedoraproject CWE-787
7.5
2020-10-19 CVE-2020-24387 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2.
network
low complexity
yubico fedoraproject CWE-787
7.5
2020-07-09 CVE-2020-15001 Missing Authorization vulnerability in Yubico Yubikey 5 NFC Firmware
An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1.
high complexity
yubico CWE-862
5.3
2020-07-09 CVE-2020-15000 Unspecified vulnerability in Yubico Yubikey 5 NFC Firmware 5.2.0/5.2.6
A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6.
network
high complexity
yubico
5.9
2020-07-09 CVE-2020-13132 Release of Invalid Pointer or Reference vulnerability in Yubico products
An issue was discovered in Yubico libykpiv before 2.1.0.
low complexity
yubico CWE-763
4.6
2020-07-09 CVE-2020-13131 Out-of-bounds Read vulnerability in Yubico products
An issue was discovered in Yubico libykpiv before 2.1.0.
low complexity
yubico CWE-125
4.3
2020-03-05 CVE-2020-10185 Authentication Bypass by Capture-replay vulnerability in Yubico Yubikey ONE Time Password Validation Server
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP.
network
low complexity
yubico CWE-294
8.6
2020-03-05 CVE-2020-10184 SQL Injection vulnerability in Yubico Yubikey ONE Time Password Validation Server
The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection.
network
low complexity
yubico CWE-89
7.5
2019-11-26 CVE-2011-4120 Improper Input Validation vulnerability in multiple products
Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration.
network
low complexity
yubico debian CWE-20
critical
9.8
2019-06-04 CVE-2019-12210 Unspecified vulnerability in Yubico Pam-U2F 1.0.7
In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned.
network
low complexity
yubico
8.1