Lucene search
K

38 matches found

CNVD
CNVD
added 2020/03/09 12:0 a.m.3 views

Yubico YubiKey Validation Server SQL Injection Vulnerability (CNVD-2020-16073)

Yubico YubiKey Validation Server is an authentication server from the Swedish company Yubico. A SQL injection vulnerability exists in YubiKey Validation Server versions prior to 2.40. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based...

7.5CVSS8.2AI score0.01504EPSS
Exploits1References1
CNVD
CNVD
added 2020/03/09 12:0 a.m.3 views

Unspecified Vulnerability in Yubico YubiKey Validation Server

Yubico YubiKey Validation Server is an authentication server from the Swedish company Yubico. A security vulnerability exists in the sync endpoint in YubiKey Validation Server versions prior to 2.40. A remote attacker could exploit the vulnerability to conduct replay attacks using previously used...

8.6CVSS7AI score0.0145EPSS
Exploits1References1
NVD
NVD
added 2020/03/05 11:15 p.m.15 views

CVE-2020-10184

The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service...

7.5CVSS7.9AI score0.01504EPSS
Exploits1References3
NVD
NVD
added 2020/03/05 11:15 p.m.15 views

CVE-2020-10185

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...

8.6CVSS8.4AI score0.0145EPSS
Exploits1References3
OSV
OSV
added 2020/03/05 11:15 p.m.12 views

CVE-2020-10184

The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service...

7.5CVSS8.6AI score
Exploits0References3
OSV
OSV
added 2020/03/05 11:15 p.m.11 views

CVE-2020-10185

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...

8.6CVSS8.3AI score
Exploits0References3
OSV
OSV
added 2020/03/05 11:15 p.m.3 views

UBUNTU-CVE-2020-10185

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...

8.6CVSS5.8AI score0.0145EPSS
Exploits1References5
Prion
Prion
added 2020/03/05 11:15 p.m.17 views

Sql injection

The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service...

5CVSS7.8AI score0.01504EPSS
Exploits1References3Affected Software1
UbuntuCve
UbuntuCve
added 2020/03/05 11:15 p.m.16 views

CVE-2020-10184

The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service...

7.5CVSS7.2AI score0.01504EPSS
Exploits1References4
Prion
Prion
added 2020/03/05 11:15 p.m.12 views

Default configuration

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...

6.8CVSS8.3AI score0.0145EPSS
Exploits1References3Affected Software1
UbuntuCve
UbuntuCve
added 2020/03/05 11:15 p.m.13 views

CVE-2020-10185

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...

8.6CVSS7.2AI score0.0145EPSS
Exploits1References4
OSV
OSV
added 2020/03/05 11:15 p.m.2 views

UBUNTU-CVE-2020-10184

The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service...

7.5CVSS5.9AI score0.01504EPSS
Exploits1References5
Cvelist
Cvelist
added 2020/03/05 10:48 p.m.16 views

CVE-2020-10184

The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service...

8.1AI score0.01504EPSS
Exploits1References3
CVE
CVE
added 2020/03/05 10:48 p.m.147 views

CVE-2020-10184

CVE-2020-10184 affects YubiKey Validation Server’s verify endpoint (pre-2.40), allowing remote SQL injection to cause DoS on self-hosted OTP validation services (not YubiCloud). Remediation per sources: upgrade to 2.40+; Debian advisory notes fixed in 2.27-1+deb8u1 for Jessie.

7.5CVSS7.8AI score0.01504EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2020/03/05 10:48 p.m.20 views

CVE-2020-10184

Removed by vendor...

7.5CVSS7.5AI score0.01504EPSS
Exploits1
CVE
CVE
added 2020/03/05 10:48 p.m.156 views

CVE-2020-10185

CVE-2020-10185 affects the YubiKey Validation Server (YubiVal) prior to version 2.40. The vulnerability resides in the sync endpoint, which can be abused by remote attackers to replay previously used one-time passwords. This issue does not affect YubiCloud. The Debian/OSS advisories note fixes im...

8.6CVSS8.2AI score0.0145EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2020/03/05 10:48 p.m.20 views

CVE-2020-10185

Removed by vendor...

8.6CVSS8.6AI score0.0145EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2015/11/20 12:0 a.m.33 views

Debian DLA-345-1 : strongswan security update

Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite. Due to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without...

5CVSS7.4AI score0.02582EPSS
Exploits0References3
Rows per page
Query Builder