HylaFAX+ Project HylaFAX+ 5.2.1

CPE Details

HylaFAX+ Project HylaFAX+ 5.2.1
hylafax\+_project
hylafax\+
5.2.1
2020-08-17
10h34 +00:00
2020-08-17
10h34 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:hylafax\+_project:hylafax\+:5.2.1:*:*:*:*:*:*:*

Informations

Vendor

hylafax\+_project

Product

hylafax\+

Version

5.2.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-15397 2020-06-30 09h17 +00:00 HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).
7.8
High
CVE-2020-15396 2020-06-30 09h17 +00:00 In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
7.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.