{"vulnerability": "CVE-2020-3665", "sightings": [{"uuid": "95edfa4b-adb8-4176-91ec-08505f995c62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36657", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10009", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-36657\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call.\n\ud83d\udccf Published: 2023-01-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-01T20:11:33.838Z\n\ud83d\udd17 References:\n1. https://bugs.gentoo.org/630810\n2. https://security.gentoo.org/glsa/202305-14", "creation_timestamp": "2025-04-01T20:33:30.000000Z"}, {"uuid": "a62f1700-475b-4ae3-90de-2dde7f82208c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36658", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9422", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-36658\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.\n\ud83d\udccf Published: 2023-01-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T17:37:05.065Z\n\ud83d\udd17 References:\n1. https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f\n2. https://lists.debian.org/debian-lts-announce/2023/01/msg00024.html", "creation_timestamp": "2025-03-28T18:28:21.000000Z"}, {"uuid": "24bc24ef-563a-48a5-a232-e6758883be20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36656", "type": "seen", "source": "https://t.me/cibsecurity/58585", "content": "\u203c CVE-2020-36656 \u203c\n\nThe Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T12:21:46.000000Z"}, {"uuid": "6936fbd3-29b4-4492-b23e-351ef79eff06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36655", "type": "seen", "source": "Telegram/GBOHs6WKnICLxlJKA-pzaQ8uHlO4zDgU2pZUu6fa5klvLKA2", "content": "", "creation_timestamp": "2025-01-13T21:43:22.000000Z"}, {"uuid": "7f5479dc-a761-4f30-bed4-5df17b450458", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36652", "type": "seen", "source": "https://t.me/cibsecurity/59087", "content": "\u203c CVE-2020-36652 \u203c\n\nIncorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-28T07:27:23.000000Z"}, {"uuid": "8a318b45-5bf2-4ca4-bf1e-6e4072c0d272", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36654", "type": "seen", "source": "https://t.me/cibsecurity/56662", "content": "\u203c CVE-2020-36654 \u203c\n\nA vulnerability classified as problematic has been found in GENI Portal. This affects the function no_invocation_id_error of the file portal/www/portal/sliceresource.php. The manipulation of the argument invocation_id/invocation_user leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 39a96fb4b822bd3497442a96135de498d4a81337. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218475.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T20:35:53.000000Z"}, {"uuid": "b1fff419-53f0-4e6e-8b85-9f6a4802b4a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36653", "type": "seen", "source": "https://t.me/cibsecurity/56660", "content": "\u203c CVE-2020-36653 \u203c\n\nA vulnerability was found in GENI Portal. It has been rated as problematic. Affected by this issue is some unknown functionality of the file portal/www/portal/error-text.php. The manipulation of the argument error leads to cross site scripting. The attack may be launched remotely. The name of the patch is c2356cc41260551073bfaa3a94d1ab074f554938. It is recommended to apply a patch to fix this issue. VDB-218474 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T12:20:52.000000Z"}, {"uuid": "e83cd034-a418-447b-91f7-255b7aa815f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36659", "type": "seen", "source": "https://t.me/cibsecurity/57019", "content": "\u203c CVE-2020-36659 \u203c\n\nIn Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T07:34:03.000000Z"}, {"uuid": "3a307005-f6a1-42e3-a62a-1bcfada26ad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36657", "type": "seen", "source": "https://t.me/cibsecurity/56993", "content": "\u203c CVE-2020-36657 \u203c\n\nuptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-28T20:40:30.000000Z"}, {"uuid": "10641f72-9fcf-49b0-b5d0-7567045d7dbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36658", "type": "seen", "source": "https://t.me/cibsecurity/57022", "content": "\u203c CVE-2020-36658 \u203c\n\nIn Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T07:34:06.000000Z"}]}