ID

VAR-202101-1246


CVE

CVE-2020-36227


TITLE

OpenLDAP  Infinite loop vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-015570

DESCRIPTION

A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. There are security vulnerabilities in OpenLDAP versions prior to 2.4.57. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-05-25-2 macOS Big Sur 11.4 macOS Big Sur 11.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212529. AMD Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30678: Yu Wang of Didi Research America AMD Available for: macOS Big Sur Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A logic issue was addressed with improved state management. CVE-2021-30676: shrek_wzw App Store Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: A path handling issue was addressed with improved validation. CVE-2021-30688: Thijs Alkemade of Computest Research Division AppleScript Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30669: Yair Hoffmann Audio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day Initiative Audio Available for: macOS Big Sur Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro Core Services Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2021-30681: Zhongcheng Li (CK01) CoreAudio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30686: Mickey Jin of Trend Micro Crash Reporter Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30727: Cees Elzinga CVMS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro Dock Available for: macOS Big Sur Impact: A malicious application may be able to access a user's call history Description: An access issue was addressed with improved access restrictions. CVE-2021-30673: Josh Parnham (@joshparnham) Graphics Drivers Available for: macOS Big Sur Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30684: Liu Long of Ant Security Light-Year Lab Graphics Drivers Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative Heimdal Available for: macOS Big Sur Impact: A local user may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2021-30697: Gabe Kirkpatrick (@gabe_k) Heimdal Available for: macOS Big Sur Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: A memory corruption issue was addressed with improved state management. CVE-2021-30710: Gabe Kirkpatrick (@gabe_k) Heimdal Available for: macOS Big Sur Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: A use after free issue was addressed with improved memory management. CVE-2021-30683: Gabe Kirkpatrick (@gabe_k) ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360 ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu Security ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted ASTC file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30705: Ye Zhang of Baidu Security Intel Graphics Driver Available for: macOS Big Sur Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read issue was addressed by removing the vulnerable code. CVE-2021-30719: an anonymous researcher working with Trend Micro Zero Day Initiative Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30728: Liu Long of Ant Security Light-Year Lab CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2021-30740: Linus Henze (pinauten.de) Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-30704: an anonymous researcher Kernel Available for: macOS Big Sur Impact: Processing a maliciously crafted message may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30715: The UK's National Cyber Security Centre (NCSC) Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2021-30736: Ian Beer of Google Project Zero Kernel Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab Kext Management Available for: macOS Big Sur Impact: A local user may be able to load unsigned kernel extensions Description: A logic issue was addressed with improved state management. CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2021-30677: Ron Waisberg (@epsilan) Login Window Available for: macOS Big Sur Impact: A person with physical access to a Mac may be able to bypass Login Window Description: A logic issue was addressed with improved state management. CVE-2021-30702: Jewel Lambert of Original Spin, LLC. Mail Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to misrepresent application state Description: A logic issue was addressed with improved state management. CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster University of Applied Sciences Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An information disclosure issue was addressed with improved state management. CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A validation issue was addressed with improved logic. CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro NSOpenPanel Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2021-30679: Gabe Kirkpatrick (@gabe_k) OpenLDAP Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-36226 CVE-2020-36227 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36221 CVE-2020-36228 CVE-2020-36222 CVE-2020-36230 CVE-2020-36229 PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to overwrite arbitrary files Description: An issue with path validation logic for hardlinks was addressed with improved path sanitization. CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl (@theevilbit) of Offensive Security Security Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. CVE-2021-30737: xerub smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to perform denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30716: Aleksandar Nikolic of Cisco Talos smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved state management. CVE-2021-30717: Aleksandar Nikolic of Cisco Talos smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: A path handling issue was addressed with improved validation. CVE-2021-30721: Aleksandar Nikolic of Cisco Talos smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An information disclosure issue was addressed with improved state management. CVE-2021-30722: Aleksandar Nikolic of Cisco Talos smbx Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30712: Aleksandar Nikolic of Cisco Talos Software Update Available for: macOS Big Sur Impact: A person with physical access to a Mac may be able to bypass Login Window during a software update Description: This issue was addressed with improved checks. CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro SoftwareUpdate Available for: macOS Big Sur Impact: A non-privileged user may be able to modify restricted settings Description: This issue was addressed with improved checks. CVE-2021-30718: SiQian Wei of ByteDance Security TCC Available for: macOS Big Sur Impact: A malicious application may be able to send unauthorized Apple events to Finder Description: A validation issue was addressed with improved logic. CVE-2021-30671: Ryan Bell (@iRyanBell) TCC Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. Description: A permissions issue was addressed with improved validation. CVE-2021-30713: an anonymous researcher WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. CVE-2021-30744: Dan Hite of jsontop WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-21779: Marcin Towalski of Cisco Talos WebKit Available for: macOS Big Sur Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2021-30682: an anonymous researcher and 1lastBr3ath WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2021-30689: an anonymous researcher WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative WebKit Available for: macOS Big Sur Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A logic issue was addressed with improved restrictions. CVE-2021-30720: David Schütz (@xdavidhu) WebRTC Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2021-23841: Tavis Ormandy of Google CVE-2021-30698: Tavis Ormandy of Google Additional recognition App Store We would like to acknowledge Thijs Alkemade of Computest Research Division for their assistance. CoreCapture We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant- financial TianQiong Security Lab for their assistance. ImageIO We would like to acknowledge Jzhu working with Trend Micro Zero Day Initiative and an anonymous researcher for their assistance. Mail Drafts We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their assistance. WebKit We would like to acknowledge Chris Salls (@salls) of Makai Security for their assistance. Installation note: This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9AACgkQZcsbuWJ6 jjDC5g/+P0Hya9smOX6XVhxtnwe+vh2d5zOrKLBymdkvDPGw1UQoGOq08+7eu02Q vsManS/aP1UKNcMnbALHNFbFXv61ZjWi+71qgGGAQAe3EtYTJchBiIIyOBNIHoOJ 8X9sOeiyFzOOKw+GyVsBMNRL9Oh678USC4qgyyO5u2+Oexehu+6N9YNdAzwZgy6o muP+NlZ08s80ahRfq/6q8uKj7+Is0k5OEdxpWTnJOoXUDzZPj4Vo7H0HL6zjuqg3 CurJQABF3kDBWgZCvroMU6/HpbilGPE+JUFV7HPfaMe6iE3FsfrOq101w+/ovuNM hJ3yk/QENoh5BYdHKJo7zPVZBteGX20EVPdWfTsnz6a/hk568A+ICiupFIqwEuQv esIBWzgab9YUb2fAaZ071Z+lSn0Rj7tm3V/rhdwq19tYD3Q7BqEJ+YxYCH2zvyIB mP4/NoMpsDiTqFradR8Skac5uwINpZzAHjFyWLj0QVWVMxyQB8EGshR16YPkMryJ rjGyNIqZPcZ/Z6KJqpvNJrfI+b0oeqFMBUwpwK/7aQFPP/MvsM+UVSySipRiqwoa WAHMuY4SQwcseok7N6Rf+zAEYm9Nc+YglYpTW2taw6g0vWNIuCbyzPdC/Srrjw98 od2jLahPwyoBg6WBvXoZ6H4YOWFAywf225nYk3l5ATsG6rNbhYk= =Avma -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-4724-1 February 08, 2021 openldap vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in OpenLDAP. Software Description: - openldap: Lightweight Directory Access Protocol Details: It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. (CVE-2020-36221) It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. (CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226) It was discovered that OpenLDAP incorrectly handled Return Filter control handling. (CVE-2020-36227) It was discovered that OpenLDAP incorrectly handled Certificate List Extract Assertion processing. (CVE-2020-36228) It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. (CVE-2020-36229, CVE-2020-36230) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: slapd 2.4.53+dfsg-1ubuntu1.3 Ubuntu 20.04 LTS: slapd 2.4.49+dfsg-2ubuntu1.6 Ubuntu 18.04 LTS: slapd 2.4.45+dfsg-1ubuntu1.9 Ubuntu 16.04 LTS: slapd 2.4.42+dfsg-2ubuntu3.12 In general, a standard system update will make all the necessary changes. For the stable distribution (buster), these problems have been fixed in version 2.4.47+dfsg-3+deb10u5. We recommend that you upgrade your openldap packages

Trust: 2.79

sources: NVD: CVE-2020-36227 // JVNDB: JVNDB-2020-015570 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-384985 // VULMON: CVE-2020-36227 // PACKETSTORM: 162820 // PACKETSTORM: 162821 // PACKETSTORM: 162826 // PACKETSTORM: 161318 // PACKETSTORM: 168991

AFFECTED PRODUCTS

vendor:openldapmodel:openldapscope:ltversion:2.4.57

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.1

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.4

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:openldapmodel:openldapscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:macos big surscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-015570 // NVD: CVE-2020-36227

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-36227
value: HIGH

Trust: 1.0

NVD: CVE-2020-36227
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202101-2289
value: HIGH

Trust: 0.6

VULHUB: VHN-384985
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-36227
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-36227
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-384985
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-36227
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-36227
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-384985 // VULMON: CVE-2020-36227 // JVNDB: JVNDB-2020-015570 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202101-2289 // NVD: CVE-2020-36227

PROBLEMTYPE DATA

problemtype:CWE-835

Trust: 1.1

problemtype:infinite loop (CWE-835) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-384985 // JVNDB: JVNDB-2020-015570 // NVD: CVE-2020-36227

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 161318 // PACKETSTORM: 168991 // CNNVD: CNNVD-202101-2289

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202101-2289

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-384985

PATCH

title:HT212531url:https://www.debian.org/security/2021/dsa-4845

Trust: 0.8

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-36227 log

Trust: 0.1

title:Debian Security Advisories: DSA-4845-1 openldap -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=bcfc870108e33a879122af52d7b9ebb2

Trust: 0.1

title:Amazon Linux AMI: ALAS-2023-1741url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2023-1741

Trust: 0.1

title:Amazon Linux 2: ALAS2-2023-2033url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-2033

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

sources: VULMON: CVE-2020-36227 // JVNDB: JVNDB-2020-015570

EXTERNAL IDS

db:NVDid:CVE-2020-36227

Trust: 3.1

db:PACKETSTORMid:161318

Trust: 0.8

db:PACKETSTORMid:162820

Trust: 0.8

db:JVNDBid:JVNDB-2020-015570

Trust: 0.8

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021052502

Trust: 0.6

db:CS-HELPid:SB2021092209

Trust: 0.6

db:CS-HELPid:SB2021122914

Trust: 0.6

db:AUSCERTid:ESB-2021.0828

Trust: 0.6

db:AUSCERTid:ESB-2021.0788

Trust: 0.6

db:AUSCERTid:ESB-2021.1794

Trust: 0.6

db:AUSCERTid:ESB-2021.0429

Trust: 0.6

db:AUSCERTid:ESB-2021.1305

Trust: 0.6

db:CNNVDid:CNNVD-202101-2289

Trust: 0.6

db:PACKETSTORMid:162826

Trust: 0.2

db:PACKETSTORMid:162821

Trust: 0.2

db:VULHUBid:VHN-384985

Trust: 0.1

db:ICS CERTid:ICSA-23-348-10

Trust: 0.1

db:VULMONid:CVE-2020-36227

Trust: 0.1

db:PACKETSTORMid:168991

Trust: 0.1

sources: VULHUB: VHN-384985 // VULMON: CVE-2020-36227 // JVNDB: JVNDB-2020-015570 // PACKETSTORM: 162820 // PACKETSTORM: 162821 // PACKETSTORM: 162826 // PACKETSTORM: 161318 // PACKETSTORM: 168991 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202101-2289 // NVD: CVE-2020-36227

REFERENCES

url:https://www.debian.org/security/2021/dsa-4845

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2020-36227

Trust: 1.9

url:https://security.netapp.com/advisory/ntap-20210226-0002/

Trust: 1.8

url:https://support.apple.com/kb/ht212529

Trust: 1.8

url:https://support.apple.com/kb/ht212530

Trust: 1.8

url:https://support.apple.com/kb/ht212531

Trust: 1.8

url:http://seclists.org/fulldisclosure/2021/may/70

Trust: 1.8

url:http://seclists.org/fulldisclosure/2021/may/65

Trust: 1.8

url:http://seclists.org/fulldisclosure/2021/may/64

Trust: 1.8

url:https://bugs.openldap.org/show_bug.cgi?id=9428

Trust: 1.8

url:https://git.openldap.org/openldap/openldap/-/commit/9d0e8485f3113505743baabf1167e01e4558ccf5

Trust: 1.8

url:https://git.openldap.org/openldap/openldap/-/tags/openldap_rel_eng_2_4_57

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html

Trust: 1.8

url:https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3cissues.bookkeeper.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3cissues.bookkeeper.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3cissues.bookkeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3cissues.bookkeeper.apache.org%3e

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0828

Trust: 0.6

url:https://packetstormsecurity.com/files/162820/apple-security-advisory-2021-05-25-4.html

Trust: 0.6

url:https://support.apple.com/en-us/ht212529

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052502

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1305

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0788

Trust: 0.6

url:https://support.apple.com/en-us/ht212531

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0429

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1794

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092209

Trust: 0.6

url:https://packetstormsecurity.com/files/161318/ubuntu-security-notice-usn-4724-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122914

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-36228

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-36221

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-36225

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-36229

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-36223

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-36222

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-36226

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-36224

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-36230

Trust: 0.4

url:https://support.apple.com/downloads/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30669

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30676

Trust: 0.3

url:https://www.apple.com/support/security/pgp/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30679

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30678

Trust: 0.3

url:https://support.apple.com/kb/ht201222

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30681

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30683

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30684

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1884

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30671

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30685

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30673

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30693

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30687

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30691

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30692

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1883

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/835.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://security.archlinux.org/cve-2020-36227

Trust: 0.1

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10

Trust: 0.1

url:https://support.apple.com/ht212530.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30695

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30697

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30694

Trust: 0.1

url:https://support.apple.com/ht212531.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30690

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21779

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30682

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23841

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30677

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30680

Trust: 0.1

url:https://support.apple.com/ht212529.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30668

Trust: 0.1

url:https://usn.ubuntu.com/4724-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.9

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.6

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openldap/2.4.53+dfsg-1ubuntu1.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.12

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openldap

Trust: 0.1

sources: VULHUB: VHN-384985 // VULMON: CVE-2020-36227 // JVNDB: JVNDB-2020-015570 // PACKETSTORM: 162820 // PACKETSTORM: 162821 // PACKETSTORM: 162826 // PACKETSTORM: 161318 // PACKETSTORM: 168991 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202101-2289 // NVD: CVE-2020-36227

CREDITS

Ubuntu

Trust: 0.7

sources: PACKETSTORM: 161318 // CNNVD: CNNVD-202101-2289

SOURCES

db:VULHUBid:VHN-384985
db:VULMONid:CVE-2020-36227
db:JVNDBid:JVNDB-2020-015570
db:PACKETSTORMid:162820
db:PACKETSTORMid:162821
db:PACKETSTORMid:162826
db:PACKETSTORMid:161318
db:PACKETSTORMid:168991
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202101-2289
db:NVDid:CVE-2020-36227

LAST UPDATE DATE

2024-08-14T12:38:58.616000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-384985date:2022-04-13T00:00:00
db:VULMONid:CVE-2020-36227date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2020-015570date:2021-10-05T08:22:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202101-2289date:2021-12-30T00:00:00
db:NVDid:CVE-2020-36227date:2023-11-07T03:22:07.687

SOURCES RELEASE DATE

db:VULHUBid:VHN-384985date:2021-01-26T00:00:00
db:VULMONid:CVE-2020-36227date:2021-01-26T00:00:00
db:JVNDBid:JVNDB-2020-015570date:2021-10-05T00:00:00
db:PACKETSTORMid:162820date:2021-05-26T17:46:02
db:PACKETSTORMid:162821date:2021-05-26T17:46:16
db:PACKETSTORMid:162826date:2021-05-26T17:50:31
db:PACKETSTORMid:161318date:2021-02-08T16:27:22
db:PACKETSTORMid:168991date:2021-02-28T20:12:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202101-2289date:2021-01-26T00:00:00
db:NVDid:CVE-2020-36227date:2021-01-26T18:15:57.160