{"vulnerability": "CVE-2020-1435", "sightings": [{"uuid": "0f8a5703-55ce-4175-b4a4-58406f93a3af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2020-14356", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "1782301a-da66-411a-a98c-be9556626ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14356", "type": "seen", "source": "Telegram/pQDhEBFXbzUdJ4Hpa-mW2mVsl35TF1401FFgebTH-MQoVFc", "content": "", "creation_timestamp": "2020-09-11T18:26:57.000000Z"}, {"uuid": "71b71da2-ac79-43f7-bbdd-6774866f6387", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14359", "type": "seen", "source": "https://t.me/cibsecurity/23982", "content": "\u203c CVE-2020-14359 \u203c\n\nA vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-23T16:35:01.000000Z"}, {"uuid": "969a22ca-13be-4b17-9375-b84f8947fefb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14351", "type": "seen", "source": "https://t.me/cibsecurity/17106", "content": "\u203c CVE-2020-14351 \u203c\n\nA flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-03T20:26:19.000000Z"}, {"uuid": "644235dc-ffbe-4281-a3f2-5ce17ebbaee7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14356", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/1738", "content": "#Threat_Research\n1. The short story of 1 Linux Kernel Use-After-Free bug\nand 2 CVEs (CVE-2020-14356, CVE-2020-25220)\nhttp://blog.pi3.com.pl/?p=720\n2. Windows TCPIP Finger Command / C2 Channel and Bypassing Security Software\nhttps://seclists.org/fulldisclosure/2020/Sep/30", "creation_timestamp": "2021-01-02T23:08:28.000000Z"}, {"uuid": "0e7d1c02-99f5-4bfb-a715-6523162e5563", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14355", "type": "seen", "source": "https://t.me/cibsecurity/15112", "content": "\u203c CVE-2020-14355 \u203c\n\nMultiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-07T18:28:22.000000Z"}]}