
CVE-2020-15396 – Gentoo Linux Security Advisory 202007-06
https://notcve.org/view.php?id=CVE-2020-15396
30 Jun 2020 — In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root. Multiple vulnerabilities have been found in HylaFAX,... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00039.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2020-8024 – Problematic permissions in hylafax+ packaging allow escalation from uucp to other users
https://notcve.org/view.php?id=CVE-2020-8024
29 Jun 2020 — An Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00022.html • CWE-276: Incorrect Default Permissions