Details of VAR-202101-1245

ID

VAR-202101-1245

CVE

CVE-2020-36226

TITLE

OpenLDAP Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-015569

DESCRIPTION

A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. OpenLDAP Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. There are security vulnerabilities in OpenLDAP versions prior to 2.4.57. The vulnerability stems from a miscalculation of mesl->bv_len and a crash during saslAuthzTo processing. An attacker could exploit this vulnerability to cause a denial of service. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-05-25-2 macOS Big Sur 11.4 macOS Big Sur 11.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212529. AMD Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30678: Yu Wang of Didi Research America AMD Available for: macOS Big Sur Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A logic issue was addressed with improved state management. CVE-2021-30676: shrek_wzw App Store Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: A path handling issue was addressed with improved validation. CVE-2021-30688: Thijs Alkemade of Computest Research Division AppleScript Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30669: Yair Hoffmann Audio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day Initiative Audio Available for: macOS Big Sur Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro Core Services Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2021-30681: Zhongcheng Li (CK01) CoreAudio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30686: Mickey Jin of Trend Micro Crash Reporter Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30727: Cees Elzinga CVMS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro Dock Available for: macOS Big Sur Impact: A malicious application may be able to access a user's call history Description: An access issue was addressed with improved access restrictions. CVE-2021-30673: Josh Parnham (@joshparnham) Graphics Drivers Available for: macOS Big Sur Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30684: Liu Long of Ant Security Light-Year Lab Graphics Drivers Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative Heimdal Available for: macOS Big Sur Impact: A local user may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2021-30697: Gabe Kirkpatrick (@gabe_k) Heimdal Available for: macOS Big Sur Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: A memory corruption issue was addressed with improved state management. CVE-2021-30710: Gabe Kirkpatrick (@gabe_k) Heimdal Available for: macOS Big Sur Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: A use after free issue was addressed with improved memory management. CVE-2021-30683: Gabe Kirkpatrick (@gabe_k) ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360 ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu Security ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted ASTC file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30705: Ye Zhang of Baidu Security Intel Graphics Driver Available for: macOS Big Sur Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read issue was addressed by removing the vulnerable code. CVE-2021-30719: an anonymous researcher working with Trend Micro Zero Day Initiative Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30728: Liu Long of Ant Security Light-Year Lab CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2021-30740: Linus Henze (pinauten.de) Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-30704: an anonymous researcher Kernel Available for: macOS Big Sur Impact: Processing a maliciously crafted message may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30715: The UK's National Cyber Security Centre (NCSC) Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2021-30736: Ian Beer of Google Project Zero Kernel Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab Kext Management Available for: macOS Big Sur Impact: A local user may be able to load unsigned kernel extensions Description: A logic issue was addressed with improved state management. CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2021-30677: Ron Waisberg (@epsilan) Login Window Available for: macOS Big Sur Impact: A person with physical access to a Mac may be able to bypass Login Window Description: A logic issue was addressed with improved state management. CVE-2021-30702: Jewel Lambert of Original Spin, LLC. Mail Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to misrepresent application state Description: A logic issue was addressed with improved state management. CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster University of Applied Sciences Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An information disclosure issue was addressed with improved state management. CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A validation issue was addressed with improved logic. CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro NSOpenPanel Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2021-30679: Gabe Kirkpatrick (@gabe_k) OpenLDAP Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-36226 CVE-2020-36227 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36221 CVE-2020-36228 CVE-2020-36222 CVE-2020-36230 CVE-2020-36229 PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to overwrite arbitrary files Description: An issue with path validation logic for hardlinks was addressed with improved path sanitization. CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl (@theevilbit) of Offensive Security Security Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. CVE-2021-30737: xerub smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to perform denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30716: Aleksandar Nikolic of Cisco Talos smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved state management. CVE-2021-30717: Aleksandar Nikolic of Cisco Talos smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: A path handling issue was addressed with improved validation. CVE-2021-30721: Aleksandar Nikolic of Cisco Talos smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An information disclosure issue was addressed with improved state management. CVE-2021-30722: Aleksandar Nikolic of Cisco Talos smbx Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30712: Aleksandar Nikolic of Cisco Talos Software Update Available for: macOS Big Sur Impact: A person with physical access to a Mac may be able to bypass Login Window during a software update Description: This issue was addressed with improved checks. CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro SoftwareUpdate Available for: macOS Big Sur Impact: A non-privileged user may be able to modify restricted settings Description: This issue was addressed with improved checks. CVE-2021-30718: SiQian Wei of ByteDance Security TCC Available for: macOS Big Sur Impact: A malicious application may be able to send unauthorized Apple events to Finder Description: A validation issue was addressed with improved logic. CVE-2021-30671: Ryan Bell (@iRyanBell) TCC Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. Description: A permissions issue was addressed with improved validation. CVE-2021-30713: an anonymous researcher WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. CVE-2021-30744: Dan Hite of jsontop WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-21779: Marcin Towalski of Cisco Talos WebKit Available for: macOS Big Sur Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2021-30682: an anonymous researcher and 1lastBr3ath WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2021-30689: an anonymous researcher WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative WebKit Available for: macOS Big Sur Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A logic issue was addressed with improved restrictions. CVE-2021-30720: David Schütz (@xdavidhu) WebRTC Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2021-23841: Tavis Ormandy of Google CVE-2021-30698: Tavis Ormandy of Google Additional recognition App Store We would like to acknowledge Thijs Alkemade of Computest Research Division for their assistance. CoreCapture We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant- financial TianQiong Security Lab for their assistance. ImageIO We would like to acknowledge Jzhu working with Trend Micro Zero Day Initiative and an anonymous researcher for their assistance. Mail Drafts We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their assistance. WebKit We would like to acknowledge Chris Salls (@salls) of Makai Security for their assistance. Installation note: This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9AACgkQZcsbuWJ6 jjDC5g/+P0Hya9smOX6XVhxtnwe+vh2d5zOrKLBymdkvDPGw1UQoGOq08+7eu02Q vsManS/aP1UKNcMnbALHNFbFXv61ZjWi+71qgGGAQAe3EtYTJchBiIIyOBNIHoOJ 8X9sOeiyFzOOKw+GyVsBMNRL9Oh678USC4qgyyO5u2+Oexehu+6N9YNdAzwZgy6o muP+NlZ08s80ahRfq/6q8uKj7+Is0k5OEdxpWTnJOoXUDzZPj4Vo7H0HL6zjuqg3 CurJQABF3kDBWgZCvroMU6/HpbilGPE+JUFV7HPfaMe6iE3FsfrOq101w+/ovuNM hJ3yk/QENoh5BYdHKJo7zPVZBteGX20EVPdWfTsnz6a/hk568A+ICiupFIqwEuQv esIBWzgab9YUb2fAaZ071Z+lSn0Rj7tm3V/rhdwq19tYD3Q7BqEJ+YxYCH2zvyIB mP4/NoMpsDiTqFradR8Skac5uwINpZzAHjFyWLj0QVWVMxyQB8EGshR16YPkMryJ rjGyNIqZPcZ/Z6KJqpvNJrfI+b0oeqFMBUwpwK/7aQFPP/MvsM+UVSySipRiqwoa WAHMuY4SQwcseok7N6Rf+zAEYm9Nc+YglYpTW2taw6g0vWNIuCbyzPdC/Srrjw98 od2jLahPwyoBg6WBvXoZ6H4YOWFAywf225nYk3l5ATsG6rNbhYk= =Avma -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4845-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 03, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openldap CVE ID : CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 Several vulnerabilities were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these flaws to cause a denial of service (slapd daemon crash, infinite loops) via specially crafted packets. For the stable distribution (buster), these problems have been fixed in version 2.4.47+dfsg-3+deb10u5. We recommend that you upgrade your openldap packages

Trust: 2.7

sources: NVD: CVE-2020-36226 // JVNDB: JVNDB-2020-015569 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-384984 // VULMON: CVE-2020-36226 // PACKETSTORM: 162820 // PACKETSTORM: 162821 // PACKETSTORM: 162826 // PACKETSTORM: 168991

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	gte	version:	10.14.0	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	lt	version:	2.4.57	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.6	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.1	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.4	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.6	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos big sur	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-015569 // NVD: CVE-2020-36226

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-36226
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-36226
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202101-2291
value:	HIGH
Trust: 0.6
VULHUB:	VHN-384984
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-36226
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-36226
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-384984
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-36226
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-36226
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-384984 // VULMON: CVE-2020-36226 // JVNDB: JVNDB-2020-015569 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202101-2291 // NVD: CVE-2020-36226

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-015569 // NVD: CVE-2020-36226

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 168991 // CNNVD: CNNVD-202101-2291

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202101-2291

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-384984

PATCH

title:	HT212530 Apple Security update	url:	https://www.debian.org/security/2021/dsa-4845	Trust: 0.8
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-36226 log	Trust: 0.1
title:	Debian Security Advisories: DSA-4845-1 openldap -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=bcfc870108e33a879122af52d7b9ebb2	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2023-1741	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2023-1741	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2023-2033	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-2033	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d	Trust: 0.1

sources: VULMON: CVE-2020-36226 // JVNDB: JVNDB-2020-015569

EXTERNAL IDS

db:	NVD	id:	CVE-2020-36226	Trust: 3.0
db:	PACKETSTORM	id:	162820	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-015569	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1794	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0828	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0788	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0429	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1305	Trust: 0.6
db:	CS-HELP	id:	SB2021092209	Trust: 0.6
db:	CS-HELP	id:	SB2021122914	Trust: 0.6
db:	CS-HELP	id:	SB2021052502	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-2291	Trust: 0.6
db:	PACKETSTORM	id:	162826	Trust: 0.2
db:	PACKETSTORM	id:	162821	Trust: 0.2
db:	VULHUB	id:	VHN-384984	Trust: 0.1
db:	ICS CERT	id:	ICSA-23-348-10	Trust: 0.1
db:	VULMON	id:	CVE-2020-36226	Trust: 0.1
db:	PACKETSTORM	id:	168991	Trust: 0.1

sources: VULHUB: VHN-384984 // VULMON: CVE-2020-36226 // JVNDB: JVNDB-2020-015569 // PACKETSTORM: 162820 // PACKETSTORM: 162821 // PACKETSTORM: 162826 // PACKETSTORM: 168991 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202101-2291 // NVD: CVE-2020-36226

REFERENCES

url:	https://www.debian.org/security/2021/dsa-4845	Trust: 1.9
url:	https://security.netapp.com/advisory/ntap-20210226-0002/	Trust: 1.8
url:	https://support.apple.com/kb/ht212529	Trust: 1.8
url:	https://support.apple.com/kb/ht212530	Trust: 1.8
url:	https://support.apple.com/kb/ht212531	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2021/may/70	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2021/may/65	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2021/may/64	Trust: 1.8
url:	https://bugs.openldap.org/show_bug.cgi?id=9413	Trust: 1.8
url:	https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65	Trust: 1.8
url:	https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26	Trust: 1.8
url:	https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439	Trust: 1.8
url:	https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8	Trust: 1.8
url:	https://git.openldap.org/openldap/openldap/-/tags/openldap_rel_eng_2_4_57	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36226	Trust: 1.8
url:	https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3cissues.guacamole.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3cissues.bookkeeper.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3cissues.bookkeeper.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3cissues.bookkeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3cissues.bookkeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3cissues.guacamole.apache.org%3e	Trust: 0.7
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0828	Trust: 0.6
url:	https://packetstormsecurity.com/files/162820/apple-security-advisory-2021-05-25-4.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht212529	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1794	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092209	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052502	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1305	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0788	Trust: 0.6
url:	https://support.apple.com/en-us/ht212531	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122914	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0429	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36228	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36222	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36221	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36225	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36224	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36229	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36223	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36230	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36227	Trust: 0.4
url:	https://support.apple.com/downloads/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30669	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30676	Trust: 0.3
url:	https://www.apple.com/support/security/pgp/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30679	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30678	Trust: 0.3
url:	https://support.apple.com/kb/ht201222	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30681	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30683	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30684	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1884	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30671	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30685	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30673	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30693	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30687	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30691	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30692	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1883	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://security.archlinux.org/cve-2020-36226	Trust: 0.1
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10	Trust: 0.1
url:	https://support.apple.com/ht212530.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30695	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30697	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30694	Trust: 0.1
url:	https://support.apple.com/ht212531.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30690	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21779	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30682	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23841	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30677	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30680	Trust: 0.1
url:	https://support.apple.com/ht212529.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30668	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/openldap	Trust: 0.1

CREDITS

Apple

Trust: 0.3

sources: PACKETSTORM: 162820 // PACKETSTORM: 162821 // PACKETSTORM: 162826

SOURCES

db:	VULHUB	id:	VHN-384984
db:	VULMON	id:	CVE-2020-36226
db:	JVNDB	id:	JVNDB-2020-015569
db:	PACKETSTORM	id:	162820
db:	PACKETSTORM	id:	162821
db:	PACKETSTORM	id:	162826
db:	PACKETSTORM	id:	168991
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202101-2291
db:	NVD	id:	CVE-2020-36226

LAST UPDATE DATE

2024-08-14T12:41:50.496000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-384984	date:	2022-04-13T00:00:00
db:	VULMON	id:	CVE-2020-36226	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-015569	date:	2021-10-05T08:22:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202101-2291	date:	2021-12-30T00:00:00
db:	NVD	id:	CVE-2020-36226	date:	2023-11-07T03:22:07.590

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-384984	date:	2021-01-26T00:00:00
db:	VULMON	id:	CVE-2020-36226	date:	2021-01-26T00:00:00
db:	JVNDB	id:	JVNDB-2020-015569	date:	2021-10-05T00:00:00
db:	PACKETSTORM	id:	162820	date:	2021-05-26T17:46:02
db:	PACKETSTORM	id:	162821	date:	2021-05-26T17:46:16
db:	PACKETSTORM	id:	162826	date:	2021-05-26T17:50:31
db:	PACKETSTORM	id:	168991	date:	2021-02-28T20:12:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202101-2291	date:	2021-01-26T00:00:00
db:	NVD	id:	CVE-2020-36226	date:	2021-01-26T18:15:57.100