ID

VAR-202101-1241


CVE

CVE-2020-36222


TITLE

OpenLDAP  Reachable assertion vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-015609

DESCRIPTION

A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. OpenLDAP Exists in a reachable assertion vulnerability.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. There are security vulnerabilities in OpenLDAP versions prior to 2.4.57. An attacker could exploit this vulnerability to cause a denial of service. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-05-25-2 macOS Big Sur 11.4 macOS Big Sur 11.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212529. AMD Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30678: Yu Wang of Didi Research America AMD Available for: macOS Big Sur Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A logic issue was addressed with improved state management. CVE-2021-30676: shrek_wzw App Store Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: A path handling issue was addressed with improved validation. CVE-2021-30688: Thijs Alkemade of Computest Research Division AppleScript Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30669: Yair Hoffmann Audio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day Initiative Audio Available for: macOS Big Sur Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro Core Services Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2021-30681: Zhongcheng Li (CK01) CoreAudio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30686: Mickey Jin of Trend Micro Crash Reporter Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30727: Cees Elzinga CVMS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro Dock Available for: macOS Big Sur Impact: A malicious application may be able to access a user's call history Description: An access issue was addressed with improved access restrictions. CVE-2021-30673: Josh Parnham (@joshparnham) Graphics Drivers Available for: macOS Big Sur Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30684: Liu Long of Ant Security Light-Year Lab Graphics Drivers Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative Heimdal Available for: macOS Big Sur Impact: A local user may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2021-30697: Gabe Kirkpatrick (@gabe_k) Heimdal Available for: macOS Big Sur Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: A memory corruption issue was addressed with improved state management. CVE-2021-30710: Gabe Kirkpatrick (@gabe_k) Heimdal Available for: macOS Big Sur Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: A use after free issue was addressed with improved memory management. CVE-2021-30683: Gabe Kirkpatrick (@gabe_k) ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360 ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu Security ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted ASTC file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30705: Ye Zhang of Baidu Security Intel Graphics Driver Available for: macOS Big Sur Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read issue was addressed by removing the vulnerable code. CVE-2021-30719: an anonymous researcher working with Trend Micro Zero Day Initiative Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30728: Liu Long of Ant Security Light-Year Lab CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2021-30740: Linus Henze (pinauten.de) Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-30704: an anonymous researcher Kernel Available for: macOS Big Sur Impact: Processing a maliciously crafted message may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30715: The UK's National Cyber Security Centre (NCSC) Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2021-30736: Ian Beer of Google Project Zero Kernel Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab Kext Management Available for: macOS Big Sur Impact: A local user may be able to load unsigned kernel extensions Description: A logic issue was addressed with improved state management. CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2021-30677: Ron Waisberg (@epsilan) Login Window Available for: macOS Big Sur Impact: A person with physical access to a Mac may be able to bypass Login Window Description: A logic issue was addressed with improved state management. CVE-2021-30702: Jewel Lambert of Original Spin, LLC. Mail Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to misrepresent application state Description: A logic issue was addressed with improved state management. CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster University of Applied Sciences Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An information disclosure issue was addressed with improved state management. CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A validation issue was addressed with improved logic. CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro NSOpenPanel Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2021-30679: Gabe Kirkpatrick (@gabe_k) OpenLDAP Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-36226 CVE-2020-36227 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36221 CVE-2020-36228 CVE-2020-36222 CVE-2020-36230 CVE-2020-36229 PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to overwrite arbitrary files Description: An issue with path validation logic for hardlinks was addressed with improved path sanitization. CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl (@theevilbit) of Offensive Security Security Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. CVE-2021-30737: xerub smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to perform denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30716: Aleksandar Nikolic of Cisco Talos smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved state management. CVE-2021-30717: Aleksandar Nikolic of Cisco Talos smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: A path handling issue was addressed with improved validation. CVE-2021-30721: Aleksandar Nikolic of Cisco Talos smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An information disclosure issue was addressed with improved state management. CVE-2021-30722: Aleksandar Nikolic of Cisco Talos smbx Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30712: Aleksandar Nikolic of Cisco Talos Software Update Available for: macOS Big Sur Impact: A person with physical access to a Mac may be able to bypass Login Window during a software update Description: This issue was addressed with improved checks. CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro SoftwareUpdate Available for: macOS Big Sur Impact: A non-privileged user may be able to modify restricted settings Description: This issue was addressed with improved checks. CVE-2021-30718: SiQian Wei of ByteDance Security TCC Available for: macOS Big Sur Impact: A malicious application may be able to send unauthorized Apple events to Finder Description: A validation issue was addressed with improved logic. CVE-2021-30671: Ryan Bell (@iRyanBell) TCC Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. Description: A permissions issue was addressed with improved validation. CVE-2021-30713: an anonymous researcher WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. CVE-2021-30744: Dan Hite of jsontop WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-21779: Marcin Towalski of Cisco Talos WebKit Available for: macOS Big Sur Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2021-30682: an anonymous researcher and 1lastBr3ath WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2021-30689: an anonymous researcher WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative WebKit Available for: macOS Big Sur Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A logic issue was addressed with improved restrictions. CVE-2021-30720: David Schütz (@xdavidhu) WebRTC Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2021-23841: Tavis Ormandy of Google CVE-2021-30698: Tavis Ormandy of Google Additional recognition App Store We would like to acknowledge Thijs Alkemade of Computest Research Division for their assistance. CoreCapture We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant- financial TianQiong Security Lab for their assistance. ImageIO We would like to acknowledge Jzhu working with Trend Micro Zero Day Initiative and an anonymous researcher for their assistance. Mail Drafts We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their assistance. WebKit We would like to acknowledge Chris Salls (@salls) of Makai Security for their assistance. Installation note: This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9AACgkQZcsbuWJ6 jjDC5g/+P0Hya9smOX6XVhxtnwe+vh2d5zOrKLBymdkvDPGw1UQoGOq08+7eu02Q vsManS/aP1UKNcMnbALHNFbFXv61ZjWi+71qgGGAQAe3EtYTJchBiIIyOBNIHoOJ 8X9sOeiyFzOOKw+GyVsBMNRL9Oh678USC4qgyyO5u2+Oexehu+6N9YNdAzwZgy6o muP+NlZ08s80ahRfq/6q8uKj7+Is0k5OEdxpWTnJOoXUDzZPj4Vo7H0HL6zjuqg3 CurJQABF3kDBWgZCvroMU6/HpbilGPE+JUFV7HPfaMe6iE3FsfrOq101w+/ovuNM hJ3yk/QENoh5BYdHKJo7zPVZBteGX20EVPdWfTsnz6a/hk568A+ICiupFIqwEuQv esIBWzgab9YUb2fAaZ071Z+lSn0Rj7tm3V/rhdwq19tYD3Q7BqEJ+YxYCH2zvyIB mP4/NoMpsDiTqFradR8Skac5uwINpZzAHjFyWLj0QVWVMxyQB8EGshR16YPkMryJ rjGyNIqZPcZ/Z6KJqpvNJrfI+b0oeqFMBUwpwK/7aQFPP/MvsM+UVSySipRiqwoa WAHMuY4SQwcseok7N6Rf+zAEYm9Nc+YglYpTW2taw6g0vWNIuCbyzPdC/Srrjw98 od2jLahPwyoBg6WBvXoZ6H4YOWFAywf225nYk3l5ATsG6rNbhYk= =Avma -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4845-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 03, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openldap CVE ID : CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 Several vulnerabilities were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these flaws to cause a denial of service (slapd daemon crash, infinite loops) via specially crafted packets. For the stable distribution (buster), these problems have been fixed in version 2.4.47+dfsg-3+deb10u5. We recommend that you upgrade your openldap packages

Trust: 2.7

sources: NVD: CVE-2020-36222 // JVNDB: JVNDB-2020-015609 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-384980 // VULMON: CVE-2020-36222 // PACKETSTORM: 162820 // PACKETSTORM: 162821 // PACKETSTORM: 162826 // PACKETSTORM: 168991

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:gteversion:10.14.0

Trust: 1.0

vendor:openldapmodel:openldapscope:ltversion:2.4.57

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.6

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.1

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.4

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.0

vendor:openldapmodel:openldapscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:macos big surscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-015609 // NVD: CVE-2020-36222

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-36222
value: HIGH

Trust: 1.0

NVD: CVE-2020-36222
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202101-2376
value: HIGH

Trust: 0.6

VULHUB: VHN-384980
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-36222
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-36222
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-384980
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-36222
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-36222
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-384980 // VULMON: CVE-2020-36222 // JVNDB: JVNDB-2020-015609 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202101-2376 // NVD: CVE-2020-36222

PROBLEMTYPE DATA

problemtype:CWE-617

Trust: 1.1

problemtype:Reachable assertions (CWE-617) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-384980 // JVNDB: JVNDB-2020-015609 // NVD: CVE-2020-36222

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 168991 // CNNVD: CNNVD-202101-2376

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202101-2376

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-384980

PATCH

title:HT212531url:https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html

Trust: 0.8

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-36222 log

Trust: 0.1

title:Debian Security Advisories: DSA-4845-1 openldap -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=bcfc870108e33a879122af52d7b9ebb2

Trust: 0.1

title:Amazon Linux AMI: ALAS-2023-1741url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2023-1741

Trust: 0.1

title:Amazon Linux 2: ALAS2-2023-2033url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-2033

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:myapp-container-jaxrsurl:https://github.com/akiraabe/myapp-container-jaxrs

Trust: 0.1

sources: VULMON: CVE-2020-36222 // JVNDB: JVNDB-2020-015609

EXTERNAL IDS

db:NVDid:CVE-2020-36222

Trust: 3.0

db:PACKETSTORMid:162820

Trust: 0.8

db:JVNDBid:JVNDB-2020-015609

Trust: 0.8

db:CNNVDid:CNNVD-202101-2376

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2021.1794

Trust: 0.6

db:AUSCERTid:ESB-2021.0828

Trust: 0.6

db:AUSCERTid:ESB-2021.0788

Trust: 0.6

db:AUSCERTid:ESB-2021.0429

Trust: 0.6

db:AUSCERTid:ESB-2021.1305

Trust: 0.6

db:CS-HELPid:SB2021092209

Trust: 0.6

db:CS-HELPid:SB2021122914

Trust: 0.6

db:CS-HELPid:SB2021052502

Trust: 0.6

db:PACKETSTORMid:162826

Trust: 0.2

db:PACKETSTORMid:162821

Trust: 0.2

db:VULHUBid:VHN-384980

Trust: 0.1

db:VULMONid:CVE-2020-36222

Trust: 0.1

db:PACKETSTORMid:168991

Trust: 0.1

sources: VULHUB: VHN-384980 // VULMON: CVE-2020-36222 // JVNDB: JVNDB-2020-015609 // PACKETSTORM: 162820 // PACKETSTORM: 162821 // PACKETSTORM: 162826 // PACKETSTORM: 168991 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202101-2376 // NVD: CVE-2020-36222

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-36222

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20210226-0002/

Trust: 1.7

url:https://support.apple.com/kb/ht212529

Trust: 1.7

url:https://support.apple.com/kb/ht212530

Trust: 1.7

url:https://support.apple.com/kb/ht212531

Trust: 1.7

url:https://www.debian.org/security/2021/dsa-4845

Trust: 1.7

url:http://seclists.org/fulldisclosure/2021/may/70

Trust: 1.7

url:http://seclists.org/fulldisclosure/2021/may/65

Trust: 1.7

url:http://seclists.org/fulldisclosure/2021/may/64

Trust: 1.7

url:https://bugs.openldap.org/show_bug.cgi?id=9406

Trust: 1.7

url:https://bugs.openldap.org/show_bug.cgi?id=9407

Trust: 1.7

url:https://git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1e1ca0

Trust: 1.7

url:https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed

Trust: 1.7

url:https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed.aa

Trust: 1.7

url:https://git.openldap.org/openldap/openldap/-/tags/openldap_rel_eng_2_4_57

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html

Trust: 1.7

url:https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3cissues.bookkeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3cissues.bookkeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3cissues.bookkeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3cissues.bookkeeper.apache.org%3e

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0828

Trust: 0.6

url:https://packetstormsecurity.com/files/162820/apple-security-advisory-2021-05-25-4.html

Trust: 0.6

url:https://support.apple.com/en-us/ht212529

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1794

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092209

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052502

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1305

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0788

Trust: 0.6

url:https://support.apple.com/en-us/ht212531

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122914

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0429

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-36228

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-36221

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-36225

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-36226

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-36224

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-36229

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-36223

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-36230

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-36227

Trust: 0.4

url:https://support.apple.com/downloads/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30669

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30676

Trust: 0.3

url:https://www.apple.com/support/security/pgp/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30679

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30678

Trust: 0.3

url:https://support.apple.com/kb/ht201222

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30681

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30683

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30684

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1884

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30671

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30685

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30673

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30693

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30687

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30691

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30692

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1883

Trust: 0.2

url:https://support.apple.com/ht212530.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30695

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30697

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30694

Trust: 0.1

url:https://support.apple.com/ht212531.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30690

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21779

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30682

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23841

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30677

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30680

Trust: 0.1

url:https://support.apple.com/ht212529.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30668

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openldap

Trust: 0.1

sources: VULHUB: VHN-384980 // JVNDB: JVNDB-2020-015609 // PACKETSTORM: 162820 // PACKETSTORM: 162821 // PACKETSTORM: 162826 // PACKETSTORM: 168991 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202101-2376 // NVD: CVE-2020-36222

CREDITS

Apple

Trust: 0.3

sources: PACKETSTORM: 162820 // PACKETSTORM: 162821 // PACKETSTORM: 162826

SOURCES

db:VULHUBid:VHN-384980
db:VULMONid:CVE-2020-36222
db:JVNDBid:JVNDB-2020-015609
db:PACKETSTORMid:162820
db:PACKETSTORMid:162821
db:PACKETSTORMid:162826
db:PACKETSTORMid:168991
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202101-2376
db:NVDid:CVE-2020-36222

LAST UPDATE DATE

2024-08-14T13:08:46.993000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-384980date:2022-04-13T00:00:00
db:VULMONid:CVE-2020-36222date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2020-015609date:2021-10-06T07:58:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202101-2376date:2021-12-30T00:00:00
db:NVDid:CVE-2020-36222date:2023-11-07T03:22:07.187

SOURCES RELEASE DATE

db:VULHUBid:VHN-384980date:2021-01-26T00:00:00
db:VULMONid:CVE-2020-36222date:2021-01-26T00:00:00
db:JVNDBid:JVNDB-2020-015609date:2021-10-06T00:00:00
db:PACKETSTORMid:162820date:2021-05-26T17:46:02
db:PACKETSTORMid:162821date:2021-05-26T17:46:16
db:PACKETSTORMid:162826date:2021-05-26T17:50:31
db:PACKETSTORMid:168991date:2021-02-28T20:12:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202101-2376date:2021-01-26T00:00:00
db:NVDid:CVE-2020-36222date:2021-01-26T18:15:56.770