Vulnerabilities > Yubico

DATE CVE VULNERABILITY TITLE RISK
2019-06-04 CVE-2019-12209 Link Following vulnerability in Yubico Pam-U2F 1.0.7
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root.
network
low complexity
yubico CWE-59
7.5
2019-03-21 CVE-2018-20340 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow.
low complexity
yubico debian CWE-119
6.8
2019-03-05 CVE-2019-9578 Use of Uninitialized Resource vulnerability in Yubico Libu2F-Host
In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device.
network
low complexity
yubico CWE-908
7.5
2018-08-15 CVE-2018-14780 Out-of-bounds Read vulnerability in Yubico PIV Manager, PIV Tool and Smart Card Minidriver
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver.
low complexity
yubico CWE-125
4.6
2018-08-15 CVE-2018-14779 Out-of-bounds Write vulnerability in Yubico PIV Manager, PIV Tool and Smart Card Minidriver
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver.
low complexity
yubico CWE-787
6.8
2018-04-04 CVE-2018-9275 Information Exposure vulnerability in Yubico PAM
In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors).
network
low complexity
yubico CWE-200
8.2