Hylafax+ Project

hylafax+_project

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Hylafax+

hylafax+

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-15397 2Hylafax+ Project Ifax 2Hylafax+ Hylafax Enterprise Nov 21, 2024 Jun 30, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allo...Show more HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).Show less
CVE-2020-15396 4Fedoraproject Hylafax+ ProjectIfax+1 more 5Backports Sle FedoraHylafax++2 more Nov 21, 2024 Jun 30, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2020-15397

2Hylafax+ Project

Ifax

2Hylafax+

Hylafax Enterprise

Nov 21, 2024

Jun 30, 2020

N/A· v4

7.8 HIGH· v3

7.2 HIGH· v2

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allo...Show more

CVE-2020-15396

4Fedoraproject

Hylafax+ ProjectIfax+1 more

5Backports Sle

FedoraHylafax++2 more

Nov 21, 2024

Jun 30, 2020

N/A· v4

7.8 HIGH· v3

7.2 HIGH· v2

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.