{"vulnerability": "CVE-2020-1497", "sightings": [{"uuid": "deafb711-41f3-4d24-aed8-067cea194ef8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14979", "type": "seen", "source": "https://t.me/thehackernews/8468", "content": "\u26a0\ufe0f Researchers uncovered a cryptojacking campaign hiding in pirated software bundles \ud83c\udff4\u200d\u2620\ufe0f It drops a custom XMRig miner and abuses a flawed driver (CVE-2020-14979) to boost hashrate by 15\u201350%.\n\nIt can spread via USB drives, even into air-gapped systems.\n\n\ud83d\udd17 Details \u2192 https://thehackernews.com/2026/02/wormable-xmrig-campaign-uses-byovd.html", "creation_timestamp": "2026-02-23T18:46:36.000000Z"}, {"uuid": "8823443b-648c-4a21-944b-03af9af051fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14975", "type": "seen", "source": "https://t.me/arpsyndicate/1972", "content": "#ExploitObserverAlert\n\nCVE-2020-14975\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-14975. The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to delete, move, or copy arbitrary files via IOCTL code 0x222124.\n\nFIRST-EPSS: 0.000510000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-18T11:25:36.000000Z"}, {"uuid": "a190bc1f-7deb-4bcf-aa37-17a4ef93c40e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14979", "type": "seen", "source": "https://t.me/arpsyndicate/1986", "content": "#ExploitObserverAlert\n\nCVE-2020-14979\n\nDESCRIPTION: Exploit Observer has 5 entries related to CVE-2020-14979. The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\\SYSTEM privileges by mapping \\Device\\PhysicalMemory into the calling process.\n\nFIRST-EPSS: 0.000420000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-18T12:44:59.000000Z"}, {"uuid": "42007ebf-9ba6-45db-be19-e0dc809658c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14977", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/1258", "content": "#Threat_Research \nSecure coding XPC Services\nPart 1 - Why EvenBetterAuthorization is not enough? (PoC for CVE-2019-20057)\nhttps://theevilbit.github.io/posts/secure_coding_xpc_part1\nPart 2 - Checking CS (CodeSigning) flags of the client\nhttps://theevilbit.github.io/posts/secure_coding_xpc_part2\nPart 3 - Incorrect client verification (PoC for CVE-2020-0984)\nhttps://theevilbit.github.io/posts/secure_coding_xpc_part3\nPart 4 - Improved client authorization (PoC for CVE-2020-14978)\nhttps://theevilbit.github.io/posts/secure_coding_xpc_part4\nPart 5 - PID reuse attacks (PoC for CVE-2020-14977)\nhttps://theevilbit.github.io/posts/secure_coding_xpc_part5", "creation_timestamp": "2021-01-28T15:59:56.000000Z"}, {"uuid": "9877fe50-dfed-40c5-869f-3b9493561295", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14974", "type": "seen", "source": "https://t.me/arpsyndicate/1958", "content": "#ExploitObserverAlert\n\nCVE-2020-14974\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-14974. The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes (even ones running as SYSTEM) that hold a handle, via IOCTL code 0x222124.\n\nFIRST-EPSS: 0.000440000\nNVD-IS: 5.2\nNVD-ES: 1.8", "creation_timestamp": "2023-12-18T09:50:25.000000Z"}, {"uuid": "4e81f607-841c-4191-a402-4625f1695ea8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14978", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/1258", "content": "#Threat_Research \nSecure coding XPC Services\nPart 1 - Why EvenBetterAuthorization is not enough? (PoC for CVE-2019-20057)\nhttps://theevilbit.github.io/posts/secure_coding_xpc_part1\nPart 2 - Checking CS (CodeSigning) flags of the client\nhttps://theevilbit.github.io/posts/secure_coding_xpc_part2\nPart 3 - Incorrect client verification (PoC for CVE-2020-0984)\nhttps://theevilbit.github.io/posts/secure_coding_xpc_part3\nPart 4 - Improved client authorization (PoC for CVE-2020-14978)\nhttps://theevilbit.github.io/posts/secure_coding_xpc_part4\nPart 5 - PID reuse attacks (PoC for CVE-2020-14977)\nhttps://theevilbit.github.io/posts/secure_coding_xpc_part5", "creation_timestamp": "2021-01-28T15:59:56.000000Z"}, {"uuid": "848fbf40-3037-46c4-8aa6-7e6a787b65b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14976", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/271", "content": "#exploit\n1. CVE-2020-14976:\nGNS3 ubridge SETUID bit - arbitrary file read\nhttps://theevilbit.github.io/posts/gns3_ubridge_setuid_bit_arbitrary_file_read\n\n2. CVE-2018-15664: \nDocker (all versions) is vulnerable to a symlink-race attack\nhttps://seclists.org/oss-sec/2019/q2/131", "creation_timestamp": "2024-05-06T09:57:50.000000Z"}]}