hylafax

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Fax Server
Version 6.0.7-3 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-1447 6.0.7-3 Medium Vulnerable FS#69314
Issue Group Severity Remote Type Description
CVE-2020-15397 AVG-1447 Medium No Privilege escalation
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under...
CVE-2020-15396 AVG-1447 Medium No Privilege escalation
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker...