Known Vulnerabilities for products from Yubico
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Yubico".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40947 json | Not Provided | 2026-04-16 | 2026-04-16 | |
| CVE-2023-39908 json | The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on o... | 7.5 - HIGH | 2023-08-14 | 2023-08-25 |
| CVE-2022-24584 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2022-05-11 | 2023-11-07 |
| CVE-2021-43399 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2021-12-08 | 2022-04-04 |
| CVE-2021-32489 json | An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not corre... | 4.4 - MEDIUM | 2021-05-10 | 2021-05-19 |
| CVE-2021-31924 json | Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could le... | 6.8 - MEDIUM | 2021-05-26 | 2023-11-07 |
| CVE-2021-28484 json | An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK befor... | 7.5 - HIGH | 2021-04-14 | 2023-11-07 |
| CVE-2021-27217 json | An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not corre... | 4.4 - MEDIUM | 2021-03-04 | 2021-03-26 |
| CVE-2021-3011 json | An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authe... | 4.2 - MEDIUM | 2021-01-07 | 2023-07-20 |
| CVE-2020-24388 json | An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the... | 7.5 - HIGH | 2020-10-19 | 2023-11-07 |
| CVE-2020-24387 json | An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly ... | 7.5 - HIGH | 2020-10-19 | 2023-11-07 |
| CVE-2020-15001 json | An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application all... | 5.3 - MEDIUM | 2020-07-09 | 2021-07-21 |
| CVE-2020-15000 json | A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, R... | 5.9 - MEDIUM | 2020-07-09 | 2020-07-21 |
| CVE-2020-13132 json | An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free() in the ykpiv_util_genera... | 4.6 - MEDIUM | 2020-07-09 | 2021-07-21 |
| CVE-2020-13131 json | An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) do... | 4.3 - MEDIUM | 2020-07-09 | 2020-07-16 |
| CVE-2020-10185 json | The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is pote... | 8.6 - HIGH | 2020-03-05 | 2020-03-12 |
| CVE-2020-10184 json | The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote at... | 7.5 - HIGH | 2020-03-05 | 2020-03-12 |
| CVE-2019-12210 json | In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor... | 8.1 - HIGH | 2019-06-04 | 2020-08-24 |
| CVE-2019-12209 json | Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless open... | 7.5 - HIGH | 2019-06-04 | 2023-11-07 |
| CVE-2019-9578 json | In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to t... | 7.5 - HIGH | 2019-03-05 | 2023-11-07 |
Known software with vulnerabilities from Yubico
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Yubico | Libu2f-host | 0.0 |
| Application | Yubico | Libykpiv | 2.1.0 |
| Application | Yubico | Pam-u2f | 0.0.0 |
| Application | Yubico | Pam Module | 1.0 |
| Application | Yubico | Piv Manager | 1.0.0 |
| Application | Yubico | Piv Tool | 0.0.1 |
| Application | Yubico | Piv Tool Manager | 2.0.0 |
| Application | Yubico | Smart Card Minidriver | 3.7.0.152 |
| Application | Yubico | Yubihsm-shell | 2.0.0 |
| Application | Yubico | Yubikey One Time Password Validation Server | 1.1 |
| Application | Yubico | Yubikey Smart Card Minidriver | 4.1.0.172 |