3 matches found
Debian: Security Advisory (DLA-2141-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2141-1] yubikey-val security update
Package : yubikey-val Version : 2.27-1+deb8u1 CVE ID : CVE-2020-10184 CVE-2020-10185 The following CVEs were reported against yubikey-val. CVE-2020-10184 The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a...
CVE-2020-10184
CVE-2020-10184 affects YubiKey Validation Server’s verify endpoint (pre-2.40), allowing remote SQL injection to cause DoS on self-hosted OTP validation services (not YubiCloud). Remediation per sources: upgrade to 2.40+; Debian advisory notes fixed in 2.27-1+deb8u1 for Jessie.