Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8
CVE-2020-15396
- EPSS 0.07%
- Published 30.06.2020 12:15:12
- Last modified 21.11.2024 05:05:29
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
7.8
CVE-2020-15397
- EPSS 0.23%
- Published 30.06.2020 12:15:12
- Last modified 21.11.2024 05:05:29
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code...
1