{"vulnerability": "CVE-2020-2754", "sightings": [{"uuid": "7f1ad887-2231-4c8f-8fd4-921565ac9c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27544", "type": "seen", "source": "https://t.me/arpsyndicate/662", "content": "#ExploitObserverAlert\n\nCVE-2020-27544\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2020-27544. An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77, allows remote attackers to execute arbitrary code via crafted payload to function parse_message in file Connection.py.\n\nFIRST-EPSS: 0.002350000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-28T15:12:33.000000Z"}, {"uuid": "0de16c1b-ffb8-4ef4-8295-cfe776d2e333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27545", "type": "seen", "source": "https://t.me/cibsecurity/62244", "content": "\u203c CVE-2020-27545 \u203c\n\nlibdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-16T07:27:13.000000Z"}, {"uuid": "fe2cabe6-7fbb-4da0-94f4-718bf0c5f227", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27543", "type": "seen", "source": "https://t.me/cibsecurity/24144", "content": "\u203c CVE-2020-27543 \u203c\n\nThe restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-25T20:37:58.000000Z"}, {"uuid": "20867b5f-37f8-487d-baab-f9ff544656f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27541", "type": "seen", "source": "https://t.me/cibsecurity/22638", "content": "\u203c CVE-2020-27541 \u203c\n\nDenial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. AgentGreen service has a bug in parsing broadcast discovery UDP packet. Sending a packet of too small size will lead to an attempt of allocating buffer of negative size. As the result service AgentGreen will be terminated and started again later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-26T20:46:34.000000Z"}, {"uuid": "ef42c0dd-b7d6-42c9-8a6c-28a34fb88d1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27542", "type": "seen", "source": "https://t.me/cibsecurity/22641", "content": "\u203c CVE-2020-27542 \u203c\n\nRostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code (including network settings). The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command (without any escaping). So bash injection is possible. Camera doesn't parse QR codes if it's already successfully configured. Camera is always rebooted after successful configuration via QR code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-26T20:46:38.000000Z"}]}