Vulnerabilities > Ifax
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-30 | CVE-2020-15397 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). | 7.8 |
2020-06-30 | CVE-2020-15396 | Race Condition vulnerability in multiple products In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. | 7.8 |
2020-05-19 | CVE-2020-11766 | OS Command Injection vulnerability in multiple products sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection. | 8.8 |