{"vulnerability": "CVE-2020-2569", "sightings": [{"uuid": "4854544f-c4fd-40b5-bd70-9be4c5083dbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25695", "type": "seen", "source": "MISP/4f7b0380-12b5-4583-8b64-311d24db68dc", "content": "", "creation_timestamp": "2024-11-14T06:07:22.000000Z"}, {"uuid": "5f882d7b-332b-4056-9953-bbe7b8ab1723", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25695", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/2340", "content": "Tested versions:\n\n13.0 \u2013 PostgreSQL 13.0 (Debian 13.0-1.pgdg100+1)\n12.4 \u2013 PostgreSQL 12.4 (Debian 12.4-1.pgdg100+1)\n12.3 \u2013 PostgreSQL 12.3 (Debian 12.3-1.pgdg100+1)\n11.9 \u2013 PostgreSQL 11.9 (Debian 11.9-1.pgdg90+1)\n\nCVE-2020-25695 Privilege Escalation in Postgresql \nhttps://staaldraad.github.io/post/2020-12-15-cve-2020-25695-postgresql-privesc/", "creation_timestamp": "2020-12-16T16:52:05.000000Z"}, {"uuid": "03d5d4ad-0d2b-470c-acad-3605dc6c7db7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25691", "type": "seen", "source": "https://t.me/cibsecurity/40059", "content": "\u203c CVE-2020-25691 \u203c\n\nA flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-02T02:26:22.000000Z"}, {"uuid": "36721118-0ba0-4b9d-b279-325e5dbe9c63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25695", "type": "published-proof-of-concept", "source": "https://t.me/hydral0gs/534", "content": "https://staaldraad.github.io/post/2020-12-15-cve-2020-25695-postgresql-privesc/ \n\n\u0441\u043f\u0430\u0441\u0438\u0431\u043e \u0437\u0430 \u043b\u0438\u043d\u043a, ./kraken", "creation_timestamp": "2020-12-16T19:17:39.000000Z"}, {"uuid": "6f1dd5d5-c84d-47a9-a837-2fcd2b87ef66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25692", "type": "seen", "source": "https://t.me/cibsecurity/17223", "content": "\u203c CVE-2020-25692 \u203c\n\nA NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-08T07:30:34.000000Z"}, {"uuid": "6ecf5252-36e1-4626-84f4-010cf7b4c0ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25690", "type": "seen", "source": "https://t.me/cibsecurity/23968", "content": "\u203c CVE-2020-25690 \u203c\n\nAn out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-23T07:34:18.000000Z"}, {"uuid": "eef76943-66e0-4e46-ab95-0a5403875343", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25693", "type": "seen", "source": "https://t.me/cibsecurity/17120", "content": "\u203c CVE-2020-25693 \u203c\n\nA flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-03T20:26:34.000000Z"}, {"uuid": "8c6e6134-ad19-4aa9-a77a-40bfbbd43fd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25696", "type": "seen", "source": "https://t.me/cibsecurity/16750", "content": "\u203c CVE-2020-25696 \u203c\n\nA flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \\gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-24T00:46:07.000000Z"}, {"uuid": "ddb76a7e-e0d1-4792-a56f-4d4a3f7a4db4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25695", "type": "published-proof-of-concept", "source": "https://t.me/HackerOne/2874", "content": "CVE-2020-25695 Privilege Escalation in Postgresql - Staaldraad\n\nhttps://staaldraad.github.io/post/2020-12-15-cve-2020-25695-postgresql-privesc/\n#db #pe #postgresql @securation", "creation_timestamp": "2020-12-16T12:45:48.000000Z"}, {"uuid": "e5089622-bdd7-4490-980d-e9c662cb4982", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25695", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2305", "content": "#exploit\nCVE-2020-25695:\nPrivilege Escalation in Postgresql (>=9.5)\nhttps://staaldraad.github.io/post/2020-12-15-cve-2020-25695-postgresql-privesc\n]-> Postgresql research/PoC:\nhttps://gist.github.com/staaldraad/1325617885d42aa40777aa4774e91214", "creation_timestamp": "2021-11-18T03:22:59.000000Z"}, {"uuid": "a5eac348-2aec-4da9-b844-6f4775cfbfcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25699", "type": "seen", "source": "https://t.me/cibsecurity/16603", "content": "\u203c CVE-2020-25699 \u203c\n\nIn moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-19T20:41:42.000000Z"}, {"uuid": "c52bb368-1f6f-4e6c-ba02-c50cb5312d64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25698", "type": "seen", "source": "https://t.me/cibsecurity/16604", "content": "\u203c CVE-2020-25698 \u203c\n\nUsers' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-19T20:41:43.000000Z"}]}