Skip to main content

Hylafax

6 CVEs product

Monthly

CVE-2020-15397 HIGH POC PATCH This Week

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Hylafax Hylafax Enterprise
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-15396 HIGH POC PATCH This Week

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Race Condition Privilege Escalation Hylafax Hylafax Enterprise Fedora +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8024 MEDIUM PATCH This Month

A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Hylafax
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-11766 HIGH This Week

sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP Hylafax Avantfax
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-17141 CRITICAL POC Act Now

HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Debian Linux Hylafax
NVD
CVSS 3.0
9.8
EPSS
5.6%
CVE-2013-5680 MEDIUM POC THREAT This Month

Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 32.8%.

Denial Of Service RCE Buffer Overflow Hylafax
NVD Exploit-DB VulDB
CVSS 2.0
6.8
EPSS
32.8%
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Hylafax Hylafax Enterprise
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Race Condition Privilege Escalation Hylafax +4
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Hylafax
NVD
EPSS 2% CVSS 8.8
HIGH This Week

sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP Hylafax +1
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow +2
NVD
EPSS 33% CVSS 6.8
MEDIUM POC THREAT This Month

Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 32.8%.

Denial Of Service RCE Buffer Overflow +1
NVD Exploit-DB VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy