45 matches found
EUVD-2018-6664
Malware in sbrugna...
EUVD-2018-6663
Malware in sbrugna...
Ubuntu 16.04 ESM : Yubico PIV Tool vulnerabilities (USN-4846-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4846-1 advisory. It was discovered that libykpiv, a supporting library of the Yubico PIV tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker wit...
SUSE CVE-2018-14780
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function ykpivfetchobject: % highlight c % ifsw == SWSUCCESS sizet outlen; int offs = ykpivgetlengthdata + 1, &outlen; ifoffs == 0 return YKPIVSIZEERROR;...
SUSE CVE-2018-14779
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function ykpivtransferdata: % highlight c % ifoutlen + recvlen - 2 maxout fprintfstderr, "Output buffer to small, wanted to write %lu, max was %lu.", outlen +...
Ubuntu: Security Advisory (USN-4846-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:1123-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4846-1: Yubico PIV Tool vulnerabilities
It was discovered that libykpiv, a supporting library of the Yubico PIV tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV Manager...
CVE-2020-13131
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...
Ubuntu 18.04 LTS : Yubico PIV Tool vulnerabilities (USN-4276-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4276-1 advisory. It was discovered that libykpiv, a supporting library of the Yubico PIV Tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker wit...
Ubuntu: Security Advisory (USN-4276-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4276-1: Yubico PIV Tool vulnerabilities
It was discovered that libykpiv, a supporting library of the Yubico PIV Tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV Manager...
openSUSE: Security Advisory for yubico-piv-tool (openSUSE-SU-2019:1341-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : yubico-piv-tool (openSUSE-2019-1341)
This update for yubico-piv-tool fixes the following issues : Security issues fixed : - Fixed an buffer overflow and an out of bounds memory read in ykpivtransferdata, which could be triggered by a malicious token. CVE-2018-14779, bsc1104809, YSA-2018-03 - Fixed an buffer overflow and an out of...
Security update for yubico-piv-tool (low)
openSUSE Security Update: Security update for yubico-piv-tool Announcement ID: openSUSE-SU-2019:1341-1 Rating: low References: 1104809 1104811 Cross-References: CVE-2018-14779 CVE-2018-14780 Affected Products: openSUSE Leap 15.0 An update that fixes two vulnerabilities is now available...
SUSE SLED15 / SLES15 Security Update : yubico-piv-tool (SUSE-SU-2019:1123-1)
This update for yubico-piv-tool fixes the following issues : Security issues fixed : Fixed an buffer overflow and an out of bounds memory read in ykpivtransferdata, which could be triggered by a malicious token. CVE-2018-14779, bsc1104809, YSA-2018-03 Fixed an buffer overflow and an out of bounds...
SUSE-SU-2019:1123-1 Security update for yubico-piv-tool
This update for yubico-piv-tool fixes the following issues: Security issues fixed: - Fixed an buffer overflow and an out of bounds memory read in ykpivtransferdata, which could be triggered by a malicious token. CVE-2018-14779, bsc1104809, YSA-2018-03 - Fixed an buffer overflow and an out of boun...
Fedora 28 : yubico-piv-tool (2018-15da5380b5)
New upstream release fixing YSA-2018-03 1613863 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
openSUSE: Security Advisory for yubico-piv-tool (openSUSE-SU-2018:2623-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : yubico-piv-tool (openSUSE-2018-969)
This update for yubico-piv-tool fixes the following issues : Security issues fixed : - CVE-2018-14779: Fixed an buffer overflow and an out of bounds memory read in ykpivtransferdata, which could be triggered by a malicious token. boo1104809, YSA-2018-03 - CVE-2018-14780: Fixed an buffer overflow...