{"vulnerability": "CVE-2020-1525", "sightings": [{"uuid": "4a332468-5d67-447b-bbc4-ab308cf711cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15251", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m25wrqxhsx2w", "content": "", "creation_timestamp": "2025-10-01T21:02:25.934407Z"}, {"uuid": "0a07ae01-93ac-4f84-a88e-98166a598d4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15250", "type": "seen", "source": "https://gist.github.com/yorickdowne/a564977ea8de7302d7ec82fdf6061c49", "content": "", "creation_timestamp": "2025-09-15T15:33:15.000000Z"}, {"uuid": "eddd1688-a1f7-4c29-8b2b-e950819a5cca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15257", "type": "seen", "source": "https://gist.github.com/aw-junaid/8ab7fcee3ef7f4c33bc10ae9d90c1bca", "content": "", "creation_timestamp": "2026-01-30T18:57:00.000000Z"}, {"uuid": "ba1c2697-11da-449d-aad6-d61820704bb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15257", "type": "published-proof-of-concept", "source": "https://t.me/k8security/164", "content": "\"ABSTRACT SHIMMER (CVE-2020-15257): Host Networking is root-Equivalent, Again\" - \u043e\u0442\u043b\u0438\u0447\u043d\u044b\u0439 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0440\u0430\u0441\u0441\u043a\u0430\u0437 \u0441 \u043f\u0440\u0438\u043c\u0435\u0440\u0430\u043c\u0438 \u043a\u043e\u0434\u0430 \u043e \u0442\u043e\u043c, \u043a\u0430\u043a \u043d\u0430\u0445\u043e\u0434\u0438\u043b\u0430\u0441\u044c, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043b\u0430\u0441\u044c 
\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2020-15257, \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u044f \u043f\u0438\u0441\u0430\u043b \u0440\u0430\u043d\u044c\u0448\u0435.\n\n\u041f\u0440\u0438 \u043f\u0440\u043e\u0447\u0442\u0435\u043d\u0438\u0438 \u0432\u044b \u0443\u0437\u043d\u0430\u0435\u0442\u0435 \u043e \u0442\u043e\u043c, \u043a\u0430\u043a \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 containerd-shim, \u043a\u0430\u043a \u0437\u0430\u043a\u0440\u044b\u043b\u0438 \u0434\u0430\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438 \u043a\u0430\u043a \u0435\u0435 \u043c\u043e\u0436\u043d\u043e \u043f\u0440\u043e\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c. \u0421\u0430\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u043a\u043e\u0434 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0430 \u0430\u0432\u0442\u043e\u0440 \u0441\u043e\u0431\u0438\u0440\u0430\u0435\u0442\u0441\u044f \u0432\u044b\u043b\u043e\u0436\u0438\u0442\u044c 11 \u044f\u043d\u0432\u0430\u0440\u044f, \u041d\u041e \u043f\u043e \u0441\u0442\u0430\u0442\u044c\u0435 \u0435\u0433\u043e \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u0438 \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e.", "creation_timestamp": "2020-12-11T07:01:11.000000Z"}, {"uuid": "c8e2fd6b-0607-4b35-935a-17647d8e66f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15257", "type": "seen", "source": "https://gist.github.com/namishelex01/c45e91ffc78335e7a096670758f310e6", "content": "", "creation_timestamp": "2025-12-17T18:58:48.000000Z"}, {"uuid": "7ee0f662-5b4e-49cb-9d67-43c4e88d7934", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2020-15257", "type": "seen", "source": "https://t.me/k8security/156", "content": "CVE-2020-15257: containerd \u2013 containerd-shim API Exposed to Host Network Containers\n\n\u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u0441\u043f\u043e\u0441\u043e\u0431\u0435\u043d \u0441\u043e\u0432\u0435\u0440\u0448\u0438\u0442\u044c \u043f\u043e\u0431\u0435\u0433 \u0438\u0437 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430, \u043f\u043e\u0434\u043d\u044f\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0445\u043e\u0441\u0442/\u043d\u043e\u0434\u0443.\n\n\u0412\u0441\u0435 \u044d\u0442\u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u0432 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u0438 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f, \u0435\u0441\u043b\u0438:\n- hostNetwork: true \u0434\u043b\u044f Pod \n- \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043e\u0442 root \n- \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0432 host user namespace (\u0441\u0435\u0439\u0447\u0430\u0441 \u044d\u0442\u043e \u043d\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c, \u043d\u043e \u0440\u0430\u0431\u043e\u0442\u0430 \u043d\u0430\u0434 \u044d\u0442\u0438\u043c \u043a\u0438\u043f\u0438\u0442 \u0432 keps/127: Support User Namespaces)\n\n\u0410 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043a\u0440\u0443\u0442\u0438\u0442\u044c\u0441\u044f \u0432\u043e\u043a\u0440\u0443\u0433 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e containerd-shim \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 abstract Unix domain sockets, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432 \u043e\u0442\u043b\u0438\u0447\u0438\u0435 \u043e\u0442 normal Unix domain sockets 
\u043f\u0440\u0438\u0432\u044f\u0437\u0430\u043d \u043a network namespace \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430, \u0430 \u043d\u0435 \u043a \u0444\u0430\u0439\u043b\u0443.\n\n\u0412 \u0438\u0442\u043e\u0433\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0438\u0437 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u043c\u043e\u0436\u0435\u0442 \u0434\u0435\u043b\u0430\u0442\u044c \u0442\u0430\u043a\u0438\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u043a\u0430\u043a:\n- \u0427\u0442\u0435\u043d\u0438\u0435/\u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435/\u0437\u0430\u043f\u0438\u0441\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u0445\u043e\u0441\u0442\u0430\n- \u0412\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434 \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 containerd-shim (root) \u043d\u0430 \u0445\u043e\u0441\u0442\u0435\n- \u0421\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u0438\u0437 runc config.json \u0444\u0430\u0439\u043b\u0430\n\u042d\u0442\u043e, \u043a\u043e\u043d\u0435\u0447\u043d\u043e, \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0434\u043b\u044f \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u044f \u043f\u043e\u0431\u0435\u0433\u0430 \u0438\u0437 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u043d\u0430 \u0445\u043e\u0441\u0442.", "creation_timestamp": "2020-12-03T06:53:45.000000Z"}, {"uuid": "cdb6aee4-3356-49a6-8cce-c03b7ae72d52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2020-15250", "type": "seen", "source": "https://t.me/ctinow/181674", "content": "https://ift.tt/WqbFM8e\nCVE-2020-15250 | Oracle Banking Liquidity Management 14.7.0.3.0 Infrastructure information disclosure", "creation_timestamp": "2024-02-08T22:46:19.000000Z"}, {"uuid": "55d291d6-927a-4acc-8a50-95fc591f2d95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1525", "type": "exploited", "source": "Telegram/t56b3Q9Pzy6RNlSuP7aXlCGnrtD_6yp__frASOXq_ro", "content": "", "creation_timestamp": "2021-10-08T16:50:48.000000Z"}, {"uuid": "dfc937cf-a5a7-4c26-8e48-4a35d83c7b22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1525", "type": "seen", "source": "https://t.me/anwar1213xx/979", "content": "\u062b\u063a\u0631\u0627\u062a \u0644\u0625\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0648\u064a\u0646\u062f\u0648\u0632 :\n\n\u0643\u0644 \u0645\u0646 \u064a\u0633\u062a\u062e\u062f\u0645 \u0646\u0638\u0627\u0645 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0648\u064a\u0646\u062f\u0648\u0632 \u0623\u0648 \u062d\u0632\u0645\u0629 \u062a\u0637\u0628\u064a\u0642\u0627\u062a Microsoft Office \u064a\u062c\u0628 \u0639\u0644\u064a\u0647 \u0623\u0646 \u064a\u062d\u062f\u062b\u0647\u0645\u060c \u064a\u0648\u062c\u062f \u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0635\u062f\u0631\u062a \u0644\u062a\u0631\u0642\u064a\u0639 120 \u062b\u063a\u0631\u0629 \u0645\u0646\u0647\u0645 18 \u062b\u063a\u0631\u0629 \u062f\u0631\u062c\u0629 \u062e\u0637\u0648\u0631\u062a\u0647\u0645 \u0645\u0635\u0646\u0641\u0647 \u0643\u0640 \"\u062d\u0631\u062c\u0629\" \u06482 \u0628\u0627\u0644\u0641\u0639\u0644 \u064a\u062a\u0645 \u0625\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0645 \u0628\u0634\u0643\u0644 \u0643\u0628\u064a\u0631\n\u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0627\u062a 
\u062a\u0639\u0631\u0636 \u062c\u0647\u0627\u0632\u0643 \u0644\u0644\u0625\u062e\u062a\u0631\u0627\u0642 \u0641\u064a \u0627\u0644\u062d\u0627\u0644\u0627\u062a \u0627\u0644\u062a\u0627\u0644\u064a\u0629:\n\u0627\u0644\u062b\u063a\u0631\u0629 CVE-2020-1525 \u0648 CVE-2020-1585 \u0645\u0645\u0643\u0646 \u062a\u062a\u0633\u0628\u0628 \u0641\u064a \u0625\u062e\u062a\u0631\u0627\u0642 \u062c\u0647\u0627\u0632\u0643 \u0639\u0646 \u0637\u0631\u064a\u0642 \u062a\u0634\u063a\u064a\u0644 \u0645\u0644\u0641 \u0641\u064a\u062f\u064a\u0648.\n\u0627\u0644\u062b\u063a\u0631\u0629 CVE-2020-1548 \u0645\u0645\u0643\u0646 \u062a\u062a\u0633\u0628\u0628 \u0641\u064a \u0625\u062e\u062a\u0631\u0627\u0642 \u062c\u0647\u0627\u0632\u0643 \u0639\u0646 \u0637\u0631\u064a\u0642 \u062a\u0634\u063a\u064a\u0644 \u0645\u0644\u0641 \u0635\u0648\u062a.\n\u0627\u0644\u062b\u063a\u0631\u0629 CVE-2020-1560 \u0648 CVE-2020-1574 \u0645\u0645\u0643\u0646 \u062a\u062a\u0633\u0628\u0628 \u0641\u064a \u0625\u062e\u062a\u0631\u0627\u0642 \u062c\u0647\u0627\u0632\u0643 \u0639\u0646 \u0637\u0631\u064a\u0642 \u062a\u0634\u063a\u064a\u0644 \u0645\u0644\u0641 \u0635\u0648\u0631\u0629.\n\u0627\u0644\u062b\u063a\u0631\u0629 CVE-2020-1483 \u0645\u0645\u0643\u0646 \u062a\u062a\u0633\u0628\u0628 \u0641\u0649 \u0625\u062e\u062a\u0631\u0627\u0642 \u062c\u0647\u0627\u0632\u0643 \u0625\u0630\u0627 \u0642\u0645\u062a \u0628\u0633\u062a\u062e\u062f\u0645 \u062a\u0637\u0628\u064a\u0642 Microsoft Outlook \u0641\u064a \u0625\u0633\u062a\u0644\u0627\u0645 \u0627\u0644\u0631\u0633\u0627\u0626\u0644.\n\u0627\u0644\u062b\u063a\u0631\u0629 CVE-2020-1567 \u0645\u0645\u0643\u0646 \u062a\u062a\u0633\u0628\u0628 \u0641\u064a \u0625\u062e\u062a\u0631\u0627\u0642 \u062c\u0647\u0627\u0632\u0643 \u0625\u0630\u0627 \u062d\u0627\u0648\u0644\u062a \u0623\u0646 \u062a\u0642\u0648\u0645 \u0628\u062a\u062d\u0631\u064a\u0631 edit \u0644\u0635\u0641\u062d\u0629 HTML.\n\u0627\u0644\u062b\u063a\u0631\u0629 CVE-2020-1380 \u0645\u0645\u0643\u0646 
\u062a\u062a\u0633\u0628\u0628 \u0641\u064a \u0625\u062e\u062a\u0631\u0627\u0642 \u062c\u0647\u0627\u0632\u0643 \u0625\u0630\u0627 \u062d\u0627\u0648\u0644\u062a \u062a\u0641\u062a\u062d \u0645\u0648\u0642\u0639 \u0645\u0639\u064a\u0646 \u0639\u0644\u0649 \u0645\u062a\u0635\u0641\u062d Internet Explorer 11.\n\u0627\u0644\u062b\u063a\u0631\u0629 CVE-2020-1472 \u0627\u0644\u0645\u0648\u062c\u0648\u062f\u0629 \u0641\u0649 \u0645\u0643\u0648\u0646 NetLogon \u0645\u0645\u0643\u0646 \u062a\u062a\u0633\u0628\u0628 \u0641\u0649 \u0631\u0641\u0639 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0627\u0644\u0645\u062e\u062a\u0631\u0642 \u0648\u062a\u0633\u0645\u062d \u0644\u0647 \u0628\u0625\u062e\u062a\u0631\u0627\u0642 \u062c\u0647\u0627\u0632\u0643 \u0641\u064a \u062d\u0627\u0644\u0629 \u0645\u0627 \u0625\u0630\u0627 \u0643\u0627\u0646 \u0645\u062a\u0635\u0644 \u0639\u0644\u0649 Domain Controller (DC) \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0641\u0649 \u0627\u0644\u063a\u0627\u0644\u0628 \u062f\u0627\u062e\u0644 \u0627\u0644\u0645\u0624\u0633\u0633\u0627\u062a.\n\u0627\u0644\u062b\u063a\u0631\u0627\u0629 CVE-2020-1494 \u0648 CVE-2020-1495 \u0648 CVE-2020-1496 \u0648 CVE-2020-1504 \u0648 CVE-2020-1498 \u0645\u0645\u0643\u0646 \u0623\u0646 \u064a\u062a\u0633\u0628\u0628\u0648 \u0641\u0649 \u0625\u062e\u062a\u0631\u0627\u0642 \u062c\u0647\u0627\u0632\u0643 \u0627\u0646 \u0641\u062a\u062d\u062a \u0645\u0644\u0641 Excel sheet \u0639\u0644\u0649 \u0627\u0644\u0627\u0635\u062f\u0627\u0631 \u0627\u0644\u0645\u0635\u0627\u0628 \u0645\u0646 Microsoft Excel.\n\u0627\u0644\u062b\u063a\u0631\u0629 CVE-2020-1571 \u0645\u0645\u0643\u0646 \u062a\u062a\u0633\u0628\u0628 \u0641\u0649 \u0631\u0641\u0639 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0627\u0644\u0645\u062e\u062a\u0631\u0642 \u0645\u0646 \u062e\u0644\u0627\u0644 \u0625\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u0645\u0633\u0624\u0648\u0644 \u0639\u0646 
\u062a\u0646\u0635\u064a\u0628 \u0646\u0633\u062e\u0629 \u0627\u0644\u0648\u064a\u0646\u062f\u0648\u0632 \u0646\u0641\u0633\u0647\u0627\n\nThe Yemeni ghost\nMy pride is crazy", "creation_timestamp": "2021-10-08T16:50:51.000000Z"}, {"uuid": "9e94f7c8-ec43-47f9-89e0-242a5a171f08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15257", "type": "seen", "source": "https://t.me/cibsecurity/16968", "content": "\u203c CVE-2020-15257 \u203c\n\ncontainerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim\u2019s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the \"host\" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. 
It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-01T07:53:41.000000Z"}, {"uuid": "47769cda-eabc-4e79-bc22-17f38e39829f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15256", "type": "seen", "source": "https://t.me/cibsecurity/27955", "content": "\u203c CVE-2021-23434 \u203c\n\nThis affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because the === operator returns always false when the type of the operands is different.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-27T20:28:18.000000Z"}, {"uuid": "4cc343bc-7207-4d82-8a45-ef84aa4c644a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15251", "type": "seen", "source": "https://t.me/cibsecurity/15244", "content": "\u203c CVE-2020-15251 \u203c\n\nIn the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. 
This is an ACL bypass vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-13T22:38:51.000000Z"}, {"uuid": "3045eecf-be14-45ff-8ce5-a9dc95b0fcdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15257", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2210", "content": "#Blue_Team_Techniques\n1. Improving OAuth App-to-App Security\nhttps://danielfett.de/2020/11/27/improving-app2app\n2. Technical Advisory: containerd - containerd-shim API Exposed to Host Network Containers (CVE-2020-15257)\nhttps://research.nccgroup.com/2020/11/30/technical-advisory-containerd-containerd-shim-api-exposed-to-host-network-containers-cve-2020-15257", "creation_timestamp": "2020-12-22T05:57:17.000000Z"}, {"uuid": "413ffe6a-3a90-48d2-9f53-367aefdd29a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15257", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2276", "content": "A technical discussion of the underlying vulnerability of CVE-2020-15257, and how it can be exploited (containerd exploitation)\nhttps://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again", "creation_timestamp": "2020-12-12T13:55:07.000000Z"}, {"uuid": "f3de71f3-3c94-4733-9a46-8e098d9c0832", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15250", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/15215", "content": "\u203c CVE-2020-15250 \u203c\n\nIn JUnit4 before version 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. 
On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-12T22:37:48.000000Z"}, {"uuid": "f7db924a-0da5-4a32-80bc-a9222d688a92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-15256", "type": "seen", "source": "https://t.me/cibsecurity/15401", "content": "\u203c CVE-2020-15256 \u203c\n\nA prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. 
The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and setting the option `includeInheritedProps: true`, or by using the default `withInheritedProps` instance. The default operating mode is not affected by the vulnerability if version >= 0.11.0 is used. Any usage of `set()` in versions < 0.11.0 is vulnerable. The issue is fixed in object-path version 0.11.5. As a workaround, don't use the `includeInheritedProps: true` options or the `withInheritedProps` instance if using a version >= 0.11.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-20T02:46:38.000000Z"}]}