Vulnerabilities > Yubico

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2018-20340 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow.
local
low complexity
yubico debian CWE-119
4.6
2019-03-05 CVE-2019-9578 Use of Uninitialized Resource vulnerability in Yubico Libu2F-Host
In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device.
network
low complexity
yubico CWE-908
7.5
2018-08-15 CVE-2018-14780 Out-of-bounds Read vulnerability in Yubico PIV Manager, PIV Tool and Smart Card Minidriver
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver.
local
low complexity
yubico CWE-125
2.1
2018-08-15 CVE-2018-14779 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Yubico PIV Manager, PIV Tool and Smart Card Minidriver
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver.
local
low complexity
yubico CWE-119
7.2
2018-04-04 CVE-2018-9275 Information Exposure vulnerability in Yubico PAM
In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors).
network
low complexity
yubico CWE-200
6.4