{"vulnerability": "cve-2020-3547", "sightings": [{"uuid": "332dea69-c4cf-4308-9707-7583555b1cfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "83d95242-4109-4304-9e61-e1067d98d8a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:28.000000Z"}, {"uuid": "66a7712b-b461-42fa-a109-c5dfbcf85a11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-18)", "content": "", "creation_timestamp": "2025-05-18T00:00:00.000000Z"}, {"uuid": "5eaa516e-771c-4fa8-a672-115930e60b95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/opentsdb_yrange_cmd_injection.rb", "content": "", "creation_timestamp": "2022-12-23T14:46:09.000000Z"}, {"uuid": "d5680ea5-f87b-45ef-9b0b-cfb897cd43a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-08)", "content": "", "creation_timestamp": "2026-02-08T00:00:00.000000Z"}, {"uuid": "57b6d1d5-adb7-4415-a64d-4e66b0e0cba3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/267", "content": "CVE-2020-35476 OpenTSDB 2.4.0 \u9060\u7a0b\u4ee3\u78bc\u57f7\u884c\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2020-35476_OpenTSDB_2.4.0_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-04-27T09:04:52.000000Z"}, {"uuid": "c5c9b345-596b-4fa1-96db-8e32da44b1ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35473", "type": "seen", "source": "https://t.me/cibsecurity/52620", "content": "\u203c CVE-2020-35473 \u203c\n\nAn information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-08T12:35:00.000000Z"}, {"uuid": "2e8976d7-816d-4eaf-b2af-1238bc51d174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "seen", "source": "https://t.me/cibsecurity/63240", "content": "\u203c CVE-2023-25826 \u203c\n\nDue to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-03T22:31:09.000000Z"}, {"uuid": "40452997-744c-4a6e-9e11-d2f2a8491822", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35479", "type": "seen", "source": "https://t.me/cibsecurity/21066", "content": "\u203c CVE-2020-35479 \u203c\n\nMediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-18T12:47:04.000000Z"}, {"uuid": "475d3177-676b-4cda-91c6-556a95ccd49e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35475", "type": "seen", "source": "https://t.me/cibsecurity/21065", "content": "\u203c CVE-2020-35475 \u203c\n\nIn MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-18T12:47:03.000000Z"}, {"uuid": "5af053d7-8992-4df2-96bf-eaba180d6c4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35478", "type": "seen", "source": "https://t.me/cibsecurity/21052", "content": "\u203c CVE-2020-35478 \u203c\n\nMediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-18T12:46:47.000000Z"}, {"uuid": "70322c37-4086-4d9b-a4e4-966f77548a30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35474", "type": "seen", "source": "https://t.me/cibsecurity/21048", "content": "\u203c CVE-2020-35474 \u203c\n\nIn MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-18T12:46:41.000000Z"}, {"uuid": "fb35dbda-94bc-4699-8e1f-fafcb34ceaff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "seen", "source": "https://t.me/cibsecurity/20908", "content": "\u203c CVE-2020-35476 \u203c\n\nA remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-16T15:25:41.000000Z"}, {"uuid": "b11c2c77-0d1d-410f-b2e4-5309acedf220", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35471", "type": "seen", "source": "https://t.me/cibsecurity/20799", "content": "\u203c CVE-2020-35471 \u203c\n\nEnvoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-15T07:39:39.000000Z"}, {"uuid": "431367de-4d0a-4ee6-88d4-bbbee9001544", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35470", "type": "seen", "source": "https://t.me/cibsecurity/20798", "content": "\u203c CVE-2020-35470 \u203c\n\nEnvoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-15T07:39:38.000000Z"}, {"uuid": "722eeeb2-4f34-4f91-bc85-ffbb728894a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2611", "content": "#exploit\nCVE-2020-35476:\nOpenTSDB (Scalable Time Series DB) 2.4.0 - RCE\nhttps://github.com/OpenTSDB/opentsdb/issues/2051", "creation_timestamp": "2024-10-09T19:25:13.000000Z"}, {"uuid": "8664cdb7-2538-4f5a-900a-aa7f2db14a44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35476", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/995", "content": "CVE-2020-35476 \n\nget\n /q?start=2000/10/21-00:00:00&end=2020/10/25-15:56:44&m=sum:sys.cpu.nice&o=&ylabel=&xrange=10:10&yrange=[33:system(%27cat /etc%27)]&wxh=1516x644&style=linespoint&baba=lala&grid=t&json\"\n\n#poc", "creation_timestamp": "2023-11-03T05:29:56.000000Z"}]}