AVG-1447 log

Package hylafax
Status Vulnerable
Severity Medium
Type privilege escalation
Affected 6.0.7-3
Fixed Unknown
Current 6.0.7-3 [extra]
Ticket FS#69314
Created Wed Jan 13 21:01:03 2021
Issue Severity Remote Type Description
CVE-2020-15397 Medium No Privilege escalation
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under...
CVE-2020-15396 Medium No Privilege escalation
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker...