Ifax

ifax

3 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Hylafax Enterprise

hylafax_enterprise

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-15397 2Hylafax+ Project Ifax 2Hylafax+ Hylafax Enterprise Nov 21, 2024 Jun 30, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allo...Show more HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).Show less
CVE-2020-15396 4Fedoraproject Hylafax+ ProjectIfax+1 more 5Backports Sle FedoraHylafax++2 more Nov 21, 2024 Jun 30, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
CVE-2020-11766 2Avantfax Ifax 2Avantfax Hylafax Nov 21, 2024 May 19, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection.