Vulnerabilities > Yubico > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-03 CVE-2024-45678 Information Exposure Through Discrepancy vulnerability in Yubico products
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue.
high complexity
yubico CWE-203
4.2
2022-05-11 CVE-2022-24584 Incorrect Authorization vulnerability in Yubico OTP
Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server.
network
low complexity
yubico CWE-863
6.5
2021-05-26 CVE-2021-31924 Improper Authentication vulnerability in multiple products
Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass.
low complexity
yubico fedoraproject CWE-287
6.8
2021-05-10 CVE-2021-32489 Integer Overflow or Wraparound vulnerability in Yubico Yubihsm-Shell
An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3.
network
high complexity
yubico CWE-190
4.4
2021-03-04 CVE-2021-27217 Out-of-bounds Read vulnerability in Yubico Yubihsm-Shell
An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3.
network
high complexity
yubico CWE-125
4.4
2021-01-07 CVE-2021-3011 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9.
high complexity
yubico nxp ftsafe google CWE-670
4.2
2020-07-09 CVE-2020-15001 Missing Authorization vulnerability in Yubico Yubikey 5 NFC Firmware
An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1.
high complexity
yubico CWE-862
5.3
2020-07-09 CVE-2020-15000 Unspecified vulnerability in Yubico Yubikey 5 NFC Firmware 5.2.0/5.2.6
A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6.
network
high complexity
yubico
5.9
2020-07-09 CVE-2020-13132 Release of Invalid Pointer or Reference vulnerability in Yubico products
An issue was discovered in Yubico libykpiv before 2.1.0.
low complexity
yubico CWE-763
4.6
2020-07-09 CVE-2020-13131 Out-of-bounds Read vulnerability in Yubico products
An issue was discovered in Yubico libykpiv before 2.1.0.
low complexity
yubico CWE-125
4.3