79 matches found
Yubico YubiHSM 2 SDK YubiHSM Shell 2.4.0 Uninitialized Memory Read (YSA-2023-01)
The version of Yubico YubiHSM Shell, a component of YubiHSM 2 SDK, installed on the remote host is 2.4.0. It is, therefore, affected by an uninitlized memory read vulnerability: - The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read...
EUVD-2021-13982
Malware in sbrugna...
EUVD-2021-19335
Malware in sbrugna...
EUVD-2020-17119
Malware in sbrugna...
EUVD-2020-17120
Malware in sbrugna...
EUVD-2023-43608
Malicious code in bioql PyPI...
EUVD-2021-30334
Malicious code in bioql PyPI...
EUVD-2024-41550
Malicious code in bioql PyPI...
EUVD-2022-0921
Malicious code in bioql PyPI...
CVE-2024-45678
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...
CVE-2023-39908
The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory...
CVE-2021-32489
An issue was discovered in the sendsecuremsg function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because responsemsg.st.len=8 can be accepted but triggers an integer overflow, which...
CVE-2021-27217
An issue was discovered in the sendsecuremsg function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aesremovepadding can crash the running process,...
CVE-2024-45678
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...
CVE-2024-45678
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...
CVE-2024-45678
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...
Yubico YubiKey 5 安全漏洞
Yubico YubiKey 5 is a multi-protocol secure secret key device from Yubico. A security vulnerability exists in Yubico YubiKey 5 versions prior to 5.7.0 and YubiHSM 2 versions prior to 2.4.0, which stems from an electromagnetic side channel due to a non-constant time modulo inversion in the Extende...
CVE-2024-45678
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...
PT-2024-31724
Name of the Vulnerable Software and Affected Versions: Yubico YubiKey 5 Series devices with firmware before 5.7.0 YubiHSM 2 devices with firmware before 2.4.0 Description: The issue allows an ECDSA secret-key extraction attack that requires physical access and expensive equipment. This attack is...
CVE-2024-45678
The CVE-2024-45678 EYCL EAK issue affects Yubico YubiKey 5 Series firmware < 5.7.0 and YubiHSM 2 firmware