Vulnerabilities > Yubico > PAM U2F > High

DATE CVE VULNERABILITY TITLE RISK
2019-06-04 CVE-2019-12210 Unspecified vulnerability in Yubico Pam-U2F 1.0.7
In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned.
network
low complexity
yubico
8.1
2019-06-04 CVE-2019-12209 Link Following vulnerability in Yubico Pam-U2F 1.0.7
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root.
network
low complexity
yubico CWE-59
7.5