{"vulnerability": "CVE-2020-1381", "sightings": [{"uuid": "0edbf4e3-9217-4ce9-ade4-a4a39a3fc4b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2020-13817", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "e0b31af3-ff7f-4b7f-b799-cc6949474dc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13817", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14933", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-13817\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_0, Vector: CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N)\n\ud83d\udd39 Description: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.\n\ud83d\udccf Published: 2020-06-04T12:31:55.000Z\n\ud83d\udccf Modified: 2025-05-05T17:07:58.872Z\n\ud83d\udd17 References:\n1. http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html\n2. http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html\n3. https://security.gentoo.org/glsa/202007-12\n4. https://www.oracle.com/security-alerts/cpujan2022.html\n5. http://support.ntp.org/bin/view/Main/NtpBug3596\n6. https://bugs.ntp.org/show_bug.cgi?id=3596\n7. https://security.netapp.com/advisory/ntap-20200625-0004/", "creation_timestamp": "2025-05-05T17:20:22.000000Z"}, {"uuid": "58b384b1-d4bf-4872-8df5-9656868fc8a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1381", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3299", "content": "#Threat_Research\n1. Privilege Escalation Via a UaF Vulnerability in win32k (PoC for CVE-2021-26900, CVE-2020-1381)\nhttps://www.zerodayinitiative.com/blog/2021/5/3/cve-2021-26900-privilege-escalation-via-a-use-after-free-vulnerability-in-win32k\n2. Authentication bypass flaw affects HPE Edgeline Infrastructure Manager (EIM) ver.1.21\nhttps://securityaffairs.co/wordpress/117513/security/hpe-edgeline-infrastructure-manager-flaw.html\n3. Anatomy of a Java Bytecode Exploit\nhttps://blog.polybdenum.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit.html", "creation_timestamp": "2024-05-07T14:22:54.000000Z"}, {"uuid": "0a3127f5-57d4-45ad-9b38-c3008fcbb66f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13819", "type": "seen", "source": "https://t.me/cibsecurity/13892", "content": "ATENTION\u203c New - CVE-2020-13819\n\nExtreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-08-05T18:55:24.000000Z"}]}