Vulnerabilities > Yubico > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-14 | CVE-2023-39908 | Out-of-bounds Read vulnerability in Yubico Yubihsm 2 SDK The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. | 7.5 |
| 2021-12-08 | CVE-2021-43399 | Out-of-bounds Write vulnerability in Yubico Yubihsm 2 Software Development KIT The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device. | 7.8 |
| 2021-04-14 | CVE-2021-28484 | Infinite Loop vulnerability in multiple products An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). | 7.5 |
| 2020-10-19 | CVE-2020-24388 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. | 7.5 |
| 2020-10-19 | CVE-2020-24387 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. | 7.5 |
| 2019-11-26 | CVE-2011-4120 | Improper Input Validation vulnerability in multiple products Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. | 7.5 |
| 2019-06-04 | CVE-2019-12209 | Link Following vulnerability in Yubico Pam-U2F 1.0.7 Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. | 7.5 |
| 2019-03-05 | CVE-2019-9578 | Use of Uninitialized Resource vulnerability in Yubico Libu2F-Host In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device. | 7.5 |
| 2018-08-15 | CVE-2018-14779 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Yubico PIV Manager, PIV Tool and Smart Card Minidriver A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. | 7.2 |