hylafax

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Unknown
Version	Removed

Open

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1447	6.0.7-4		Medium	Unknown	FS#69314

Issue	Group	Severity	Remote	Type	Description
CVE-2020-15397	AVG-1447	Medium	No	Privilege escalation	HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under...
CVE-2020-15396	AVG-1447	Medium	No	Privilege escalation	In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker...

Issue

Group

Severity

Remote

Type

Description

CVE-2020-15397

AVG-1447

Medium

Privilege escalation

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under...

CVE-2020-15396

AVG-1447

Medium

Privilege escalation

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker...