Vulnerabilities > Yubico > High

DATE CVE VULNERABILITY TITLE RISK

2023-08-14 CVE-2023-39908 Out-of-bounds Read vulnerability in Yubico YubiHSM 2 SDK
The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata.
Attack vector: network; complexity: low; vendors: yubico; CWE-125; risk: 7.5

2021-12-08 CVE-2021-43399 Out-of-bounds Write vulnerability in Yubico YubiHSM 2 Software Development Kit
The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device.
Attack vector: network; complexity: low; vendors: yubico; CWE-787; risk: 7.8

2021-04-14 CVE-2021-28484 Infinite Loop vulnerability in multiple products
An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04).
Attack vector: network; complexity: low; vendors: yubico, fedoraproject; CWE-835; risk: 7.5

2020-10-19 CVE-2020-24388 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2.
Attack vector: network; complexity: low; vendors: yubico, fedoraproject; CWE-787; risk: 7.5

2020-10-19 CVE-2020-24387 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2.
Attack vector: network; complexity: low; vendors: yubico, fedoraproject; CWE-787; risk: 7.5

2019-11-26 CVE-2011-4120 Improper Input Validation vulnerability in multiple products
Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration.
Attack vector: network; complexity: low; vendors: yubico, linux, debian; CWE-20; risk: 7.5

2019-06-04 CVE-2019-12209 Link Following vulnerability in Yubico pam-u2f 1.0.7
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root.
Attack vector: network; complexity: low; vendors: yubico; CWE-59; risk: 7.5

2019-03-05 CVE-2019-9578 Use of Uninitialized Resource vulnerability in Yubico libu2f-host
In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device.
Attack vector: network; complexity: low; vendors: yubico; CWE-908; risk: 7.5

2018-08-15 CVE-2018-14779 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Yubico PIV Manager, PIV Tool and Smart Card Minidriver
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver.
Attack vector: local; complexity: low; vendors: yubico; CWE-119; risk: 7.2