VYPR

rpm package

opensuse/hylafax+&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/hylafax+&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2020-15397Jun 30, 2020
    affected < 7.0.3-5.1fixed 7.0.3-5.1

    HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user ca

  • CVE-2020-15396Jun 30, 2020
    affected < 7.0.3-5.1fixed 7.0.3-5.1

    In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.

  • CVE-2020-8024Jun 29, 2020
    affected < 7.0.3-5.1fixed 7.0.3-5.1

    A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions pri

  • CVE-2018-17141CriSep 21, 2018
    affected < 7.0.3-5.1fixed 7.0.3-5.1

    HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.