{"vulnerability": "CVE-2020-3624", "sightings": [{"uuid": "8d133166-5d92-464d-a7d5-19819336a378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36248", "type": "seen", "source": "https://t.me/cibsecurity/23848", "content": "\u203c CVE-2020-36248 \u203c\n\nThe ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-19T12:51:12.000000Z"}, {"uuid": "c06d955e-8156-429c-9006-9535d0ff56a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-3624", "type": "seen", "source": "https://infosec.exchange/users/certvde/statuses/115926387351405846", "content": "", "creation_timestamp": "2026-01-20T08:04:56.991758Z"}, {"uuid": "d0184a4f-967a-4df1-aa7f-b429cb4b4907", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36249", "type": "seen", "source": "https://t.me/cibsecurity/23844", "content": "\u203c CVE-2020-36249 \u203c\n\nThe File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-19T12:51:05.000000Z"}, {"uuid": "738aef5f-2915-47ba-b90a-6b79d5a8db7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36247", "type": "seen", "source": "https://t.me/cibsecurity/23842", "content": "\u203c CVE-2020-36247 \u203c\n\nOpen OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-19T12:51:03.000000Z"}, {"uuid": "6bb32321-f190-4824-a92a-7457beb8cb76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36245", "type": "seen", "source": "https://t.me/cibsecurity/23786", "content": "\u203c CVE-2020-36245 \u203c\n\nGramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-18T00:49:28.000000Z"}, {"uuid": "85f56a3e-b9d6-4410-b515-f261b06cd166", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36240", "type": "seen", "source": "https://t.me/cibsecurity/24305", "content": "\u203c CVE-2020-36240 \u203c\n\nThe ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-01T20:43:20.000000Z"}, {"uuid": "14517bd3-1473-4059-9624-c8c016b6882a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36241", "type": "seen", "source": "https://t.me/cibsecurity/23146", "content": "\u203c CVE-2020-36241 \u203c\n\nautoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-05T16:35:16.000000Z"}, {"uuid": "1029e6ae-0861-4d9f-acd0-fb7364d836e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36243", "type": "seen", "source": "https://t.me/cibsecurity/23199", "content": "\u203c CVE-2020-36243 \u203c\n\nThe Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-07T22:38:36.000000Z"}, {"uuid": "7a28f9ae-ad5f-4ebc-90c0-752e27124d0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36242", "type": "seen", "source": "https://t.me/cibsecurity/23197", "content": "\u203c CVE-2020-36242 \u203c\n\nIn the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-07T22:38:34.000000Z"}]}