Hylafax+

Vendor: Hylafax+ Project • 2 CVEs

CVEs (2)

Vendors (2): Hylafax+ Project, Ifax
Products (2): Hylafax+, Hylafax Enterprise
Updated: Nov 21, 2024
Published: Jun 30, 2020
CVSS: N/A (v4), 7.8 HIGH (v3), 7.2 HIGH (v2)

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).

Vendors (4): Fedoraproject, Hylafax+ Project, Ifax, +1 more
Products (5): Backports Sle, Fedora, Hylafax+, +2 more
Updated: Nov 21, 2024
Published: Jun 30, 2020
CVSS: N/A (v4), 7.8 HIGH (v3), 7.2 HIGH (v2)

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.