136 matches found
CVE-2026-40947
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...
SUSE CVE-2026-40947
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...
CVE-2026-40947
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...
CVE-2026-40947
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...
Security vulnerability in multiple Yubico products
libfido2 and others are open-source products from Yubico. libfido2 is a FIDO device communication library. python-fido2 is a library for implementing FIDO2 protocol clients and servers. yubikey-manager is a configuration management tool for YubiKeys. Several Yubico products have security...
CVE-2026-40947
Affected software components are Yubico libfido2 (before 1.17.0), python-fido2 (before 2.2.0), and yubikey-manager (before 5.9.1). The issue is an unintended DLL search path, as described in CVE-2026-40947. The CVSS vector is CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N, with a base score of 2.9 ...
CVE-2026-40947
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...
CVE-2026-40947
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...
CVE-2026-40947
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...
CVE-2026-40947
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...
PT-2026-33184
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...
fido2-lib is vulnerable to DoS via cbor-extract heap buffer over-read in CBOR attestation parsing
Summary: fido2-lib v3.x depends on cbor-x 1.6.0, which optionally pulls in cbor-extract C++ native addon. cbor-extract = 2.2.0 has a heap buffer over-read in extractStrings — a 5-byte CBOR payload crashes Node.js with SIGSEGV. No JS exception, no try/catch, process dead. The crash triggers during...
GHSA-G3QJ-J598-CXMQ fido2-lib is vulnerable to DoS via cbor-extract heap buffer over-read in CBOR attestation parsing
Summary: fido2-lib v3.x depends on cbor-x 1.6.0, which optionally pulls in cbor-extract C++ native addon. cbor-extract = 2.2.0 has a heap buffer over-read in extractStrings — a 5-byte CBOR payload crashes Node.js with SIGSEGV. No JS exception, no try/catch, process dead. The crash triggers during...
YSA-2026-01 | Yubico
Security updates which resolve a DLL search path vulnerability on Windows are available for three Yubico open source software projects: libfido2, YubiKey Manager, and python-fido2. If an attacker is able to place a malicious file in the directory where the affected software or Python is installed...
EUVD-2021-22989
Malware in sbrugna...
EUVD-2020-19727
Malware in sbrugna...
EUVD-2021-18797
Malware in sbrugna...
EUVD-2021-1997
Malware in sbrugna...
EUVD-2023-53212
Malicious code in bioql PyPI...
EUVD-2021-27982
Malicious code in bioql PyPI...