Vulnerabilities > Ifax

DATE CVE VULNERABILITY TITLE RISK
2020-06-30 CVE-2020-15397 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account).
local
low complexity
hylafax-project ifax CWE-732
7.8
2020-06-30 CVE-2020-15396 Race Condition vulnerability in multiple products
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories.
7.8
2020-05-19 CVE-2020-11766 OS Command Injection vulnerability in multiple products
sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection.
network
low complexity
ifax avantfax CWE-78
8.8