Known Vulnerabilities for products from Yubico
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Yubico".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24584 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2022-05-11 | 2023-11-07 |
| CVE-2021-43399 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2021-12-08 | 2022-04-04 |
| CVE-2021-32489 | An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not corre... | 4.4 - MEDIUM | 2021-05-10 | 2021-05-19 |
| CVE-2021-31924 | Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could le... | 6.8 - MEDIUM | 2021-05-26 | 2023-11-07 |
| CVE-2021-28484 | An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK befor... | 7.5 - HIGH | 2021-04-14 | 2023-11-07 |
| CVE-2021-27217 | An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not corre... | 4.4 - MEDIUM | 2021-03-04 | 2021-03-26 |
| CVE-2021-3011 | An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authe... | 4.2 - MEDIUM | 2021-01-07 | 2023-07-20 |
| CVE-2020-24388 | An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the... | 7.5 - HIGH | 2020-10-19 | 2023-11-07 |
| CVE-2020-24387 | An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly ... | 7.5 - HIGH | 2020-10-19 | 2023-11-07 |
| CVE-2020-15001 | An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application all... | 5.3 - MEDIUM | 2020-07-09 | 2021-07-21 |
| CVE-2020-15000 | A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, R... | 5.9 - MEDIUM | 2020-07-09 | 2020-07-21 |
| CVE-2020-13132 | An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free() in the ykpiv_util_genera... | 4.6 - MEDIUM | 2020-07-09 | 2021-07-21 |
| CVE-2020-13131 | An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) do... | 4.3 - MEDIUM | 2020-07-09 | 2020-07-16 |
| CVE-2020-10185 | The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is pote... | 8.6 - HIGH | 2020-03-05 | 2020-03-12 |
| CVE-2020-10184 | The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote at... | 7.5 - HIGH | 2020-03-05 | 2020-03-12 |
| CVE-2019-12210 | In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor... | 8.1 - HIGH | 2019-06-04 | 2020-08-24 |
| CVE-2019-12209 | Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless open... | 7.5 - HIGH | 2019-06-04 | 2023-11-07 |
| CVE-2019-9578 | In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to t... | 7.5 - HIGH | 2019-03-05 | 2023-11-07 |
| CVE-2018-20340 | Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overf... | 6.8 - MEDIUM | 2019-03-21 | 2019-12-05 |
| CVE-2018-14780 | An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the follow... | 4.6 - MEDIUM | 2018-08-15 | 2020-02-25 |
Known software with vulnerabilities from Yubico
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Yubico | Libu2f-host | 0.0 |
| Application | Yubico | Libykpiv | 2.1.0 |
| Application | Yubico | Pam Module | 1.0 |
| Application | Yubico | Pam-u2f | 0.0.0 |
| Application | Yubico | Piv Manager | 1.0.0 |
| Application | Yubico | Piv Tool | 0.0.1 |
| Application | Yubico | Piv Tool Manager | 2.0.0 |
| Application | Yubico | Smart Card Minidriver | 3.7.0.152 |
| Application | Yubico | Yubihsm-shell | 2.0.0 |
| Application | Yubico | Yubikey One Time Password Validation Server | 1.1 |
| Application | Yubico | Yubikey Smart Card Minidriver | 4.1.0.172 |