
CVE-2021-28484
https://notcve.org/view.php?id=CVE-2021-28484
14 Apr 2021 — An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this. • https://github.com/Yubico/yubihsm-connector/releases • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2021-27217
https://notcve.org/view.php?id=CVE-2021-27217
04 Mar 2021 — An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes_remove_padding() can crash the running process, depending on the memory layout. This could be used by an attacker to cause a client-side denial of service. The yubihsm-shell project is included in the YubiHSM 2 SDK product. • https://blog.inhq.net/posts/yubico-libyubihsm-vuln2 • CWE-125: Out-of-bounds Read •

CVE-2021-3011
https://notcve.org/view.php?id=CVE-2021-3011
07 Jan 2021 — An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP... • https://ninjalab.io/a-side-journey-to-titan • CWE-670: Always-Incorrect Control Flow Implementation •

CVE-2020-24388
https://notcve.org/view.php?id=CVE-2020-24388
19 Oct 2020 — An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service. • https://blog.inhq.net/posts/yubico-libyubihsm-vuln • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •

CVE-2020-24387
https://notcve.org/view.php?id=CVE-2020-24387
19 Oct 2020 — An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack. • https://blog.inhq.net/posts/yubico-libyubihsm-vuln • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVE-2020-15001
https://notcve.org/view.php?id=CVE-2020-15001
09 Jul 2020 — An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when updating NFC specific components of the OTP configurations. This may allow an attacker to access configured OTPs and passwords stored in slots that were not configured by the user to be read over NFC, despite a us... • https://www.yubico.com/support/security-advisories/ysa-2020-04 • CWE-862: Missing Authorization •

CVE-2020-15000
https://notcve.org/view.php?id=CVE-2020-15000
09 Jul 2020 — A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, Reset Code, and User PIN. The Reset Code is used to reset the User PIN, but it is disabled by default. A flaw in the implementation of OpenPGP sets the Reset Code to a known value upon initialization. If the retry counter for the Reset Code is set to non-zero without changing the Reset Code, this known value can be used to reset the User PIN. • https://www.yubico.com/support/security-advisories/ysa-2020-05 •

CVE-2020-13132
https://notcve.org/view.php?id=CVE-2020-13132
09 Jul 2020 — An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free() in the ykpiv_util_generate_key() function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack. • https://blog.inhq.net/posts/yubico-libykpiv-vuln • CWE-763: Release of Invalid Pointer or Reference •

CVE-2020-13131
https://notcve.org/view.php?id=CVE-2020-13131
09 Jul 2020 — An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will cause stack memory to be copied into heap allocated memory that gets returned to the caller. The leaked memory could include PINs, passwords, key material, and other sensitive information depending on the integrat... • https://blog.inhq.net/posts/yubico-libykpiv-vuln • CWE-125: Out-of-bounds Read •

CVE-2020-10184
https://notcve.org/view.php?id=CVE-2020-10184
05 Mar 2020 — The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud. • https://github.com/Yubico/yubikey-val/releases/tag/yubikey-val-2.40 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •