Search
Search Results (3 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45678 | 1 Yubico | 36 Security Key C Nfc By Yubico, Security Key C Nfc By Yubico Firmware, Security Key Nfc By Yubico and 33 more | 2025-03-17 | 4.2 Medium |
| Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected. | ||||
| CVE-2023-39908 | 1 Yubico | 1 Yubihsm 2 Sdk | 2024-11-21 | 7.5 High |
| The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory. | ||||
| CVE-2021-43399 | 1 Yubico | 1 Yubihsm 2 Software Development Kit | 2024-11-21 | 7.5 High |
| The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device. | ||||
Page 1 of 1.