{"vulnerability": "CVE-2020-1266", "sightings": [{"uuid": "b9636f96-3609-4004-a570-1694abbf59f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1266", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:18.000000Z"}, {"uuid": "38207a52-65f2-4dc3-a509-efdb4365725a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1266", "type": "seen", "source": "https://t.me/arpsyndicate/1311", "content": "#ExploitObserverAlert\n\nCVE-2020-0986\n\nDESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-0986. An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.\n\nFIRST-EPSS: 0.000560000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-04T21:36:18.000000Z"}, {"uuid": "ccad81ba-7ef4-4e69-a325-ba62e2987261", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12662", "type": "seen", "source": "https://t.me/cibsecurity/17446", "content": "\u203c CVE-2020-10772 \u203c\n\nAn incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T07:32:10.000000Z"}, {"uuid": "24e1d702-76b4-4027-b9b0-b09dbabdfb59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12662", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/1149", "content": "#exploit\nNXNSAttack DNS\nhttps://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack\n\n1. CVE-2020-8616:\nBIND does not sufficiently limit the number of fetches performed when processing referrals\nhttps://kb.isc.org/docs/cve-2020-8616\n\n2. CVE-2020-12663:\nMalformed answers from upstream name servers can be used to make Unbound unresponsive\nhttps://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt\n\n3. CVE-2020-12667:\nKnot Resolver <5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server\nhttps://www.openwall.com/lists/oss-security/2020/05/19/2\n\n4. CVE-2020-10995:\nPowerDNS Recursor 4.1 - 4.3 DoS (Security Advisory)\nhttps://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html", "creation_timestamp": "2024-10-24T04:43:49.000000Z"}, {"uuid": "3d9d9cf6-723a-43d0-83b7-41276410d455", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12667", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/1149", "content": "#exploit\nNXNSAttack DNS\nhttps://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack\n\n1. CVE-2020-8616:\nBIND does not sufficiently limit the number of fetches performed when processing referrals\nhttps://kb.isc.org/docs/cve-2020-8616\n\n2. CVE-2020-12663:\nMalformed answers from upstream name servers can be used to make Unbound unresponsive\nhttps://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt\n\n3. CVE-2020-12667:\nKnot Resolver <5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server\nhttps://www.openwall.com/lists/oss-security/2020/05/19/2\n\n4. CVE-2020-10995:\nPowerDNS Recursor 4.1 - 4.3 DoS (Security Advisory)\nhttps://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html", "creation_timestamp": "2024-10-24T04:43:49.000000Z"}, {"uuid": "816252d9-e7b7-4160-a613-c7fb6c2a9726", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-12663", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/1149", "content": "#exploit\nNXNSAttack DNS\nhttps://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack\n\n1. CVE-2020-8616:\nBIND does not sufficiently limit the number of fetches performed when processing referrals\nhttps://kb.isc.org/docs/cve-2020-8616\n\n2. CVE-2020-12663:\nMalformed answers from upstream name servers can be used to make Unbound unresponsive\nhttps://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt\n\n3. CVE-2020-12667:\nKnot Resolver <5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server\nhttps://www.openwall.com/lists/oss-security/2020/05/19/2\n\n4. CVE-2020-10995:\nPowerDNS Recursor 4.1 - 4.3 DoS (Security Advisory)\nhttps://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html", "creation_timestamp": "2024-10-24T04:43:49.000000Z"}]}