CVE-2020-8015

by JeremyUncategorizedPosted on Comments are Disabled

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.

CVE-2020-8015

by JeremyUncategorizedPosted on Comments are Disabled

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.

CVE-2020-1927

by JeremyUncategorizedPosted on Comments are Disabled

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

CVE-2020-1927

by JeremyUncategorizedPosted on Comments are Disabled

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

CVE-2020-1927

by JeremyUncategorizedPosted on Comments are Disabled

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

CVE-2020-1927

by JeremyUncategorizedPosted on Comments are Disabled

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

CVE-2020-1927

by JeremyUncategorizedPosted on Comments are Disabled

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

CVE-2020-8145

by JeremyUncategorizedPosted on Comments are Disabled

The UniFi Video Server (Windows) web interface configuration restore functionality at the “backupâ€� and “wizardâ€� endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access these endpoints and overwrite the current application configuration. This can be abused for various purposes, including adding new administrative users. Affected …

Read more “CVE-2020-8145”

CVE-2020-8145

by JeremyUncategorizedPosted on Comments are Disabled

The UniFi Video Server (Windows) web interface configuration restore functionality at the “backupâ€� and “wizardâ€� endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access these endpoints and overwrite the current application configuration. This can be abused for various purposes, including adding new administrative users. Affected …

Read more “CVE-2020-8145”

CVE-2020-8145

by JeremyUncategorizedPosted on Comments are Disabled

The UniFi Video Server (Windows) web interface configuration restore functionality at the “backupâ€� and “wizardâ€� endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access these endpoints and overwrite the current application configuration. This can be abused for various purposes, including adding new administrative users. Affected …

Read more “CVE-2020-8145”