{"vulnerability": "CVE-2020-2778", "sightings": [{"uuid": "af5de194-8fb1-4ae3-b06b-2409d0b74a78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27786", "type": "seen", "source": "https://gist.github.com/houseofint3/73b3d2fe5bed8b40fc34105e85dd0bbc", "content": "", "creation_timestamp": "2026-01-02T05:50:41.000000Z"}, {"uuid": "1e611d23-5f1f-45fc-ab7e-298967755044", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27786", "type": "seen", "source": "https://bsky.app/profile/0xor0ne.bsky.social/post/3lkm42ly6nc2o", "content": "", "creation_timestamp": "2025-03-17T21:31:07.193136Z"}, {"uuid": "56f9aca5-15ea-4a10-b73b-a68bb3a9d508", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27786", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkomemcicw2k", "content": "", "creation_timestamp": "2025-03-18T21:28:16.283629Z"}, {"uuid": "67be439e-f548-4a9e-9f4a-cdb7b44f1887", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27786", "type": "seen", "source": "https://bsky.app/profile/bluedevil.bsky.social/post/3lqm7bqddmk2e", "content": "", "creation_timestamp": "2025-06-02T06:59:51.644805Z"}, {"uuid": "6d37a909-eb93-43a7-863b-c021738cdce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27786", "type": "seen", "source": "https://bsky.app/profile/bluedevil.bsky.social/post/3lqm7d2zt5s2e", "content": "", "creation_timestamp": "2025-06-02T07:00:36.437054Z"}, {"uuid": "b47d96d4-e68e-4ba9-a33a-2eafcce1a3eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2020-27783", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "7ee19e0b-3fde-4679-9145-99cbdbeb5718", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27786", "type": "seen", "source": "https://t.me/cibsecurity/19927", "content": "\u203c CVE-2020-27786 \u203c\n\nA flaw was found in the Linux kernels implementation of MIDI (kernel 5.7-rc6), where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T13:25:07.000000Z"}, {"uuid": "5e9ee185-526b-48f4-aa2f-25dedfc9f423", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27787", "type": "seen", "source": "https://t.me/cibsecurity/48365", "content": "\u203c CVE-2020-27787 \u203c\n\nA Segmentaation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-18T22:26:38.000000Z"}, {"uuid": "4beffbfc-e32d-4a08-bf94-5d2468881e08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27782", "type": "seen", "source": "https://t.me/cibsecurity/24032", "content": "\u203c CVE-2020-27782 \u203c\n\nA flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-23T22:35:22.000000Z"}, {"uuid": "004c731e-a6cf-4276-9a47-cc6bb1cb78d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27780", "type": "seen", "source": "https://t.me/cibsecurity/21042", "content": "\u203c CVE-2020-27780 \u203c\n\nA flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-18T02:43:23.000000Z"}, {"uuid": "b859f88c-499d-4b01-a08e-ea357b9876c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27786", "type": "seen", "source": "https://t.me/linkersec/267", "content": "CVE-2020-27786 (Race Condition + Use-After-Free)\n\nAn article by ii4gsp about exploiting a racy use-after-free in the MIDI subsystem.", "creation_timestamp": "2024-09-05T14:05:13.000000Z"}, {"uuid": "313cf04a-1b20-40fa-a45b-5fc487ea5d91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27783", "type": "seen", "source": "https://t.me/cibsecurity/17114", "content": "\u203c CVE-2020-27783 \u203c\n\nA XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-03T20:26:27.000000Z"}, {"uuid": "8c9ab3ef-515a-4b0c-9b76-0550c008c07c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27786", "type": "seen", "source": "https://t.me/cibsecurity/19947", "content": "\u203c CVE-2020-27786 \u203c\n\nA flaw was found in the Linux kernels implementation of MIDI (kernel 5.7-rc6), where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T14:25:17.000000Z"}, {"uuid": "963ec2cc-98f4-4ce5-bd28-59a5e9b8fef2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27786", "type": "seen", "source": "https://t.me/cibsecurity/19907", "content": "\u203c CVE-2020-27786 \u203c\n\nA flaw was found in the Linux kernels implementation of MIDI (kernel 5.7-rc6), where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T12:35:03.000000Z"}, {"uuid": "24bc4df5-154f-45ab-84ca-de5f4914cc84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27786", "type": "seen", "source": "https://t.me/cibsecurity/19888", "content": "\u203c CVE-2020-27786 \u203c\n\nA flaw was found in the Linux kernels implementation of MIDI (kernel 5.7-rc6), where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T12:25:05.000000Z"}, {"uuid": "6423360c-2bde-4b36-aa2c-67920165a7bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27786", "type": "seen", "source": "https://t.me/cibsecurity/19868", "content": "\u203c CVE-2020-27786 \u203c\n\nA flaw was found in the Linux kernels implementation of MIDI (kernel 5.7-rc6), where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T11:25:13.000000Z"}, {"uuid": "57ec2d09-ec39-4550-8e07-be4abe8476e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27786", "type": "seen", "source": "https://t.me/cibsecurity/19848", "content": "\u203c CVE-2020-27786 \u203c\n\nA flaw was found in the Linux kernels implementation of MIDI (kernel 5.7-rc6), where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T10:25:20.000000Z"}, {"uuid": "6e779ac5-e8a0-44e3-89b7-deff95a6fc1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27786", "type": "seen", "source": "https://t.me/cibsecurity/19828", "content": "\u203c CVE-2020-27786 \u203c\n\nA flaw was found in the Linux kernels implementation of MIDI (kernel 5.7-rc6), where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T09:25:15.000000Z"}, {"uuid": "5e4c29da-edcf-4f3b-8653-532db8cace35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27786", "type": "seen", "source": "https://t.me/cibsecurity/19808", "content": "\u203c CVE-2020-27786 \u203c\n\nA flaw was found in the Linux kernels implementation of MIDI (kernel 5.7-rc6), where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T08:25:18.000000Z"}, {"uuid": "be5e0098-e526-4f3f-a668-226df5ea0372", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27786", "type": "seen", "source": "https://t.me/cibsecurity/19788", "content": "\u203c CVE-2020-27786 \u203c\n\nA flaw was found in the Linux kernels implementation of MIDI (kernel 5.7-rc6), where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T07:38:06.000000Z"}, {"uuid": "66c4854d-0a90-4b27-802f-18a5afa4bd1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27786", "type": "seen", "source": "https://t.me/cibsecurity/19768", "content": "\u203c CVE-2020-27786 \u203c\n\nA flaw was found in the Linux kernels implementation of MIDI (kernel 5.7-rc6), where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T07:35:04.000000Z"}, {"uuid": "72066d01-af39-40a9-ab2f-125397d71ddc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27786", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11085", "content": "#exploit\n1. CVE-2020-27786:\nUaF + Race Condition in MIDI devices in Linux Kernel 5.6x\nhttps://ii4gsp.github.io/cve-2020-27786\n\n2. CVE-2018-14714:\nASUS RT-AC3200 WiFi router RCE\nhttps://github.com/BTtea/CVE-2018-14714-RCE_exploit", "creation_timestamp": "2024-09-06T04:37:40.000000Z"}]}