Ubuntu 16.04 ESM : Yubico PIV Tool vulnerabilities (USN-4846-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4846-1 advisory. It was discovered that libykpiv, a supporting library of the Yubico PIV tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker wit...

Google Android System elevation of privilege vulnerability (CNVD-2021-14780)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the System component of Google Android 8.1, 9, 10, and 11. No details of the vulnerability are provided at this ti...

CVE-2020-14780

Affected product: Oracle Fusion Middleware BI Publisher (BI Publisher Security) in Oracle BI Publisher/Oracle Analytics Server 5.5, 11.1.1.9.x, 12.2.1.3.x, 12.2.1.4.x. Root cause: unspecified in the summary, but the CVSS 3.1 base score is 7.1 with high confidentiality impact and low integrity imp...

ZOHO ManageEngine Applications Manager Authentication Bypass Vulnerability

ZOHO ManageEngine Application Manager is a set of application monitoring and management system of the United States ZhuoHao ZOHO company. The system is mainly used to monitor server and application performance. A security vulnerability exists in Zoho ManageEngine application Manager versions prio...

SUSE SLED15 / SLES15 Security Update : yubico-piv-tool (SUSE-SU-2019:1123-1)

This update for yubico-piv-tool fixes the following issues : Security issues fixed : Fixed an buffer overflow and an out of bounds memory read in ykpivtransferdata, which could be triggered by a malicious token. CVE-2018-14779, bsc1104809, YSA-2018-03 Fixed an buffer overflow and an out of bounds...

openSUSE: Security Advisory for yubico-piv-tool (openSUSE-SU-2018:2623-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : yubico-piv-tool (openSUSE-2018-969)

This update for yubico-piv-tool fixes the following issues : Security issues fixed : - CVE-2018-14779: Fixed an buffer overflow and an out of bounds memory read in ykpivtransferdata, which could be triggered by a malicious token. boo1104809, YSA-2018-03 - CVE-2018-14780: Fixed an buffer overflow...

Yubico PIV Tool 1.5.0 Buffer Overflow Vulnerability

A buffer overflow and an out of bounds memory read were identified in the yubico-piv-tool-1.5.0, these can be triggered by a malicious token. Multiple Vulnerabilities in Yubico Piv ====================================== Overview - -------- Confirmed Affected Versions: 1.5.0 Confirmed Patched...

CVE-2018-14780

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function ykpivfetchobject: % highlight c % ifsw == SWSUCCESS sizet outlen; int offs = ykpivgetlengthdata + 1, &outlen; ifoffs == 0 return YKPIVSIZEERROR;...

CVE-2018-14780

The CVE-2018-14780 issue affects the Yubico-PIV library (libykpiv) used by the YubiKey PIV tools. A bounds-check gap in _ykpiv_fetch_object() allows a length value extracted from APDU data to drive memmove without validating it against the actual APDU buffer, enabling a potential out-of-bounds co...

CVE-2017-14780

...