{"vulnerability": "cve-2019-2005", "sightings": [{"uuid": "fed7878c-5f49-45c5-ad04-86a83216cff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20056", "type": "seen", "source": "https://t.me/ctinow/210308", "content": "https://ift.tt/mcX6Wb1\nCVE-2019-20056 | stb Image Loader 2.23 stb_image.h stbi__shiftsigned assertion (Issue 126)", "creation_timestamp": "2024-03-18T09:41:35.000000Z"}, {"uuid": "07a1d1ec-3bf3-4491-9c9c-a7c6d73f2147", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20058", "type": "seen", "source": "https://t.me/ctinow/210310", "content": "https://ift.tt/2lsrR4Z\nCVE-2019-20058 | Bolt 3.7.0 Symfony Web Profiler search cross site scripting (Issue 7830)", "creation_timestamp": "2024-03-18T09:41:37.000000Z"}, {"uuid": "3638dd1f-f367-4d9d-b203-6bc4a809926b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20053", "type": "seen", "source": "https://t.me/ctinow/210305", "content": "https://ift.tt/WgIsc9v\nCVE-2019-20053 | UPX 3.95 Mach-O File p_mach.cpp canUnpack input validation (Issue 314)", "creation_timestamp": "2024-03-18T09:41:32.000000Z"}, {"uuid": "ec3bff9a-e7d2-40b7-87c4-968ab44d2d68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20057", "type": "seen", "source": "https://t.me/ctinow/210309", "content": "https://ift.tt/PDVcLlp\nCVE-2019-20057 | Proxyman up to 1.11.0 on macOS Privileged Helper Tool Proxy data authenticity (Issue 364)", "creation_timestamp": "2024-03-18T09:41:36.000000Z"}, {"uuid": "a09e36e8-93be-46ad-828b-e4b2764f7081", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20055", "type": "seen", "source": "https://t.me/ctinow/210307", "content": "https://ift.tt/VHdbmGx\nCVE-2019-20055 | LuquidPixels LiquiFire OS 4.8.0 URL String server-side request forgery", "creation_timestamp": "2024-03-18T09:41:34.000000Z"}, {"uuid": "ce340cfe-1e5a-4ce2-8717-cfece3c98ad5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20054", "type": "seen", "source": "https://t.me/ctinow/210306", "content": "https://ift.tt/LjKigX8\nCVE-2019-20054 | Linux Kernel up to 5.0.5 fs/proc/proc_sysctl.c drop_sysctl_table null pointer dereference", "creation_timestamp": "2024-03-18T09:41:33.000000Z"}, {"uuid": "41652858-a650-4cff-90d4-53f9bb4a9db6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20052", "type": "seen", "source": "https://t.me/ctinow/210288", "content": "https://ift.tt/GohIwHq\nCVE-2019-20052 | matio 1.5.17 mat.c Mat_VarCalloc release of resource (Issue 131)", "creation_timestamp": "2024-03-18T09:11:23.000000Z"}, {"uuid": "264c4899-9f44-40c0-9800-a7cfd31c822b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20051", "type": "seen", "source": "https://t.me/ctinow/210287", "content": "https://ift.tt/RDBL7gy\nCVE-2019-20051 | UPX 3.95 p_lx_elf.cpp PackLinuxElf::elf_hash calculation (Issue 313)", "creation_timestamp": "2024-03-18T09:11:22.000000Z"}, {"uuid": "3e4cdd4c-19c3-43c5-96d4-ba75c26e2ebf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20057", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/1258", "content": "#Threat_Research \nSecure coding XPC Services\nPart 1 - Why EvenBetterAuthorization is not enough? (PoC for CVE-2019-20057)\nhttps://theevilbit.github.io/posts/secure_coding_xpc_part1\nPart 2 - Checking CS (CodeSigning) flags of the client\nhttps://theevilbit.github.io/posts/secure_coding_xpc_part2\nPart 3 - Incorrect client verification (PoC for CVE-2020-0984)\nhttps://theevilbit.github.io/posts/secure_coding_xpc_part3\nPart 4 - Improved client authorization (PoC for CVE-2020-14978)\nhttps://theevilbit.github.io/posts/secure_coding_xpc_part4\nPart 5 - PID reuse attacks (PoC for CVE-2020-14977)\nhttps://theevilbit.github.io/posts/secure_coding_xpc_part5", "creation_timestamp": "2021-01-28T15:59:56.000000Z"}]}