Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yubico yubihsm-shell vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-43399
The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device.
Yubico Yubihsm 2 Software Development Kit
4.4
CVSSv3
CVE-2021-32489
An issue exists in the _send_secure_msg() function of Yubico yubihsm-shell up to and including 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because response_msg.st.len=8 can be accepted but triggers...
4.4
CVSSv3
CVE-2021-27217
An issue exists in the _send_secure_msg() function of Yubico yubihsm-shell up to and including 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes_remove_padding() can...
Yubico Yubihsm-shell
7.5
CVSSv3
CVE-2020-24388
An issue exists in the _send_secure_msg() function of yubihsm-shell up to and including 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This c...
Yubico Yubihsm-shell
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2020-24387
An issue exists in the yh_create_session() function of yubihsm-shell up to and including 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This c...
Yubico Yubihsm-shell
Fedoraproject Fedora 33
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started