Vulnerabilities > Yubico > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-11 | CVE-2022-24584 | Incorrect Authorization vulnerability in Yubico OTP Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. | 6.5 |
| 2022-03-30 | CVE-2015-3298 | Improper Verification of Cryptographic Signature vulnerability in Yubico Ykneo-Openpgp Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. | 5.8 |
| 2021-05-26 | CVE-2021-31924 | Improper Authentication vulnerability in multiple products Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. | 6.8 |
| 2021-01-07 | CVE-2021-3011 | Always-Incorrect Control Flow Implementation vulnerability in multiple products An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. | 4.2 |
| 2020-07-09 | CVE-2020-15000 | Unspecified vulnerability in Yubico Yubikey 5 NFC Firmware A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. network yubico | 4.3 |
| 2020-03-05 | CVE-2020-10185 | Authentication Bypass by Capture-replay vulnerability in Yubico Yubikey ONE Time Password Validation Server The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. | 6.8 |
| 2020-03-05 | CVE-2020-10184 | SQL Injection vulnerability in Yubico Yubikey ONE Time Password Validation Server The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. | 5.0 |
| 2019-06-04 | CVE-2019-12210 | Unspecified vulnerability in Yubico Pam-U2F 1.0.7 In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. | 5.5 |
| 2019-03-21 | CVE-2018-20340 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. | 4.6 |
| 2018-04-04 | CVE-2018-9275 | Information Exposure vulnerability in Yubico PAM In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors). | 6.4 |