CVE-2020-15397 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Privilege escalation
Description	HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1447	hylafax	6.0.7-4		Medium	Unknown	FS#69314

References
https://sourceforge.net/p/hylafax/HylaFAX+/2534/