ID

VAR-202105-0131


CVE

CVE-2020-25709


TITLE

OpenLDAP  Reachable assertion vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-016760

DESCRIPTION

A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. OpenLDAP Exists in a reachable assertion vulnerability.Denial of service (DoS) It may be put into a state. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.2.11 General Availability release images, which provide one or more container updates and bug fixes. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console — with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security fixes, bug fixes and container upgrades. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/ Security updates: * object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 (CVE-2021-23434) * follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) Related bugs: * RHACM 2.2.11 images (Bugzilla #2029508) * ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla #2030859) 3. Bugs fixed (https://bugzilla.redhat.com/): 1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 2029508 - RHACM 2.2.11 images 2030859 - ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 5. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation 5. ========================================================================= Ubuntu Security Notice USN-4634-2 November 23, 2020 openldap vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: OpenLDAP could be made to crash if it received specially crafted network traffic. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: slapd 2.4.31-1+nmu2ubuntu8.5+esm4 Ubuntu 12.04 ESM: slapd 2.4.28-1.1ubuntu4.12 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openldap security update Advisory ID: RHSA-2022:0621-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0621 Issue date: 2022-02-22 CVE Names: CVE-2020-25709 CVE-2020-25710 ===================================================================== 1. Summary: An update for openldap is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. Security Fix(es): * openldap: assertion failure in Certificate List syntax validation (CVE-2020-25709) * openldap: assertion failure in CSN normalization with invalid input (CVE-2020-25710) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1899675 - CVE-2020-25709 openldap: assertion failure in Certificate List syntax validation 1899678 - CVE-2020-25710 openldap: assertion failure in CSN normalization with invalid input 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: openldap-2.4.44-25.el7_9.src.rpm x86_64: openldap-2.4.44-25.el7_9.i686.rpm openldap-2.4.44-25.el7_9.x86_64.rpm openldap-clients-2.4.44-25.el7_9.x86_64.rpm openldap-debuginfo-2.4.44-25.el7_9.i686.rpm openldap-debuginfo-2.4.44-25.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openldap-debuginfo-2.4.44-25.el7_9.i686.rpm openldap-debuginfo-2.4.44-25.el7_9.x86_64.rpm openldap-devel-2.4.44-25.el7_9.i686.rpm openldap-devel-2.4.44-25.el7_9.x86_64.rpm openldap-servers-2.4.44-25.el7_9.x86_64.rpm openldap-servers-sql-2.4.44-25.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openldap-2.4.44-25.el7_9.src.rpm x86_64: openldap-2.4.44-25.el7_9.i686.rpm openldap-2.4.44-25.el7_9.x86_64.rpm openldap-clients-2.4.44-25.el7_9.x86_64.rpm openldap-debuginfo-2.4.44-25.el7_9.i686.rpm openldap-debuginfo-2.4.44-25.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openldap-debuginfo-2.4.44-25.el7_9.i686.rpm openldap-debuginfo-2.4.44-25.el7_9.x86_64.rpm openldap-devel-2.4.44-25.el7_9.i686.rpm openldap-devel-2.4.44-25.el7_9.x86_64.rpm openldap-servers-2.4.44-25.el7_9.x86_64.rpm openldap-servers-sql-2.4.44-25.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openldap-2.4.44-25.el7_9.src.rpm ppc64: openldap-2.4.44-25.el7_9.ppc.rpm openldap-2.4.44-25.el7_9.ppc64.rpm openldap-clients-2.4.44-25.el7_9.ppc64.rpm openldap-debuginfo-2.4.44-25.el7_9.ppc.rpm openldap-debuginfo-2.4.44-25.el7_9.ppc64.rpm openldap-devel-2.4.44-25.el7_9.ppc.rpm openldap-devel-2.4.44-25.el7_9.ppc64.rpm openldap-servers-2.4.44-25.el7_9.ppc64.rpm ppc64le: openldap-2.4.44-25.el7_9.ppc64le.rpm openldap-clients-2.4.44-25.el7_9.ppc64le.rpm openldap-debuginfo-2.4.44-25.el7_9.ppc64le.rpm openldap-devel-2.4.44-25.el7_9.ppc64le.rpm openldap-servers-2.4.44-25.el7_9.ppc64le.rpm s390x: openldap-2.4.44-25.el7_9.s390.rpm openldap-2.4.44-25.el7_9.s390x.rpm openldap-clients-2.4.44-25.el7_9.s390x.rpm openldap-debuginfo-2.4.44-25.el7_9.s390.rpm openldap-debuginfo-2.4.44-25.el7_9.s390x.rpm openldap-devel-2.4.44-25.el7_9.s390.rpm openldap-devel-2.4.44-25.el7_9.s390x.rpm openldap-servers-2.4.44-25.el7_9.s390x.rpm x86_64: openldap-2.4.44-25.el7_9.i686.rpm openldap-2.4.44-25.el7_9.x86_64.rpm openldap-clients-2.4.44-25.el7_9.x86_64.rpm openldap-debuginfo-2.4.44-25.el7_9.i686.rpm openldap-debuginfo-2.4.44-25.el7_9.x86_64.rpm openldap-devel-2.4.44-25.el7_9.i686.rpm openldap-devel-2.4.44-25.el7_9.x86_64.rpm openldap-servers-2.4.44-25.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openldap-debuginfo-2.4.44-25.el7_9.ppc64.rpm openldap-servers-sql-2.4.44-25.el7_9.ppc64.rpm ppc64le: openldap-debuginfo-2.4.44-25.el7_9.ppc64le.rpm openldap-servers-sql-2.4.44-25.el7_9.ppc64le.rpm s390x: openldap-debuginfo-2.4.44-25.el7_9.s390x.rpm openldap-servers-sql-2.4.44-25.el7_9.s390x.rpm x86_64: openldap-debuginfo-2.4.44-25.el7_9.x86_64.rpm openldap-servers-sql-2.4.44-25.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openldap-2.4.44-25.el7_9.src.rpm x86_64: openldap-2.4.44-25.el7_9.i686.rpm openldap-2.4.44-25.el7_9.x86_64.rpm openldap-clients-2.4.44-25.el7_9.x86_64.rpm openldap-debuginfo-2.4.44-25.el7_9.i686.rpm openldap-debuginfo-2.4.44-25.el7_9.x86_64.rpm openldap-devel-2.4.44-25.el7_9.i686.rpm openldap-devel-2.4.44-25.el7_9.x86_64.rpm openldap-servers-2.4.44-25.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openldap-debuginfo-2.4.44-25.el7_9.x86_64.rpm openldap-servers-sql-2.4.44-25.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-25709 https://access.redhat.com/security/cve/CVE-2020-25710 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYhVgl9zjgjWX9erEAQizoA//Z1eRFFiALCnBNdscadCiTK27uxUBYwiE mazVTDFOQUIzF2+hpruaDD0RJoIuZL8JwTPviUZJbB21G8NIF5T09eP00ErioZEN WMeccz1GyZlUXWZXBvf3v5QOMOmhBK3vw80X6oVCzGZbzMynCtPI8+jCt/MmzA0y fpLghp4rd7o56kF3ccb3ZbLREFNYFwyNqzVT79LA0KdA2KnMY/pFBTSmY8ihiTTJ qvIekeg+Xj5t85JObesMRwM1yrEG+joYcXe9uqRjOLvCGPdXSM5YMcOxNyNynjnI EGIqGr9/+2OVxhHCLaITvuBaqPeIgCZxO9yvKgoNDsuBpDUEKgv+iQ1l0DnfIThr ppeoo+MeNMB54Qw+qf9MQblhLFFS08zUNXq7YsJi58kIp6PEtj2Q/7DvVMY6GcPN 3hltIwlWAY4+PToSbt9UvJEmAdH1ApN0XSiBva6e295C92v1IvDYN0BkD8XouOAH 5tKXXheyJfoN6vjJG89halj6gzy4IcPU5KkfJuJO3vKJeDkG3vRoySIxW0SDrdS8 +4XGwe6e00D/Kd1t9yXIeITCCtiK3NZS5bMsOHclxzbrGeWj4YK/jK7CfK5g+Zt0 0PKI5pZqGdc3SwDNo165BVDChTc7HZqjmp6LFYzKyBSkwgdHzGG/soj51hWqyVui UnjGg9lAM38= =OWtf -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . For the stable distribution (buster), these problems have been fixed in version 2.4.47+dfsg-3+deb10u4. We recommend that you upgrade your openldap packages. For the detailed security status of openldap please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openldap Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl+z4tVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SNdg/+MsAEvlGb4gdmG6AhDXi8vsdo0p9ksR0OWQZDn0QRvmxynwuoKO61EJoE z6L1tXGb5OQSUho2MJ4BVNi69yMxbSJxmXzU1NJ8W6m8v6CwEiR9q3I4XtE+8cXi yQqXZJgkt03s5Bph340mkOylLIJCpkLNDsl+0QI/NL7Utsv87cciYs2O9AgMYfW4 jO8sMvq4zfncr4G92F47SbAsmfsiAZON1qpF9WbZZCGsEEvSWnEYVkMBpYP0JbYt pP1G/Mgc5UKcIyfs7CzGJGfxw3n03J8BzS1PorTz0VtuD5YeBThLMkH80UUnahyC sy25FmepUTBLbfR2TY6FMzF6VEFQvJ37mOuYw46lQzPj4hhNLUgkOESAN1nOxN/b xYW0kRmj9sXph0vP4iEnIt6zAK2+s/AuVYPoYhmE8tt2paNDN9LyDkrQpfK42T/6 o3+pweSy1Icz85u5M4TeaavZfhaiafuyKHSzamklRe/1q4KZXUQxf2ozEgdUDEi5 HJixeb+8AZlgdoRQ8ZVoHPj8SospYnzmTRw0v2ciNDvnUNUVv3lMnnCSAHmBqEDo 5er0WxfTKtpvbgfl+2qSj/I5Ou1FSz71nfySphNVCTM5gANdDgviEQmhPXBuMp6Z HPwcTUGWiEA7ARi7XTi/dYDAi6XMqEoZmKrDUBoQNW41GAZxJJA= =zqnQ -----END PGP SIGNATURE-----

Trust: 2.43

sources: NVD: CVE-2020-25709 // JVNDB: JVNDB-2020-016760 // VULHUB: VHN-179714 // VULMON: CVE-2020-25709 // PACKETSTORM: 166309 // PACKETSTORM: 166431 // PACKETSTORM: 166437 // PACKETSTORM: 160180 // PACKETSTORM: 166119 // PACKETSTORM: 160109 // PACKETSTORM: 168945

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:gteversion:10.14.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.0.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.6

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:redhatmodel:jboss core servicesscope:eqversion: -

Trust: 1.0

vendor:openldapmodel:openldapscope:ltversion:2.4.56

Trust: 1.0

vendor:openldapmodel:openldapscope: - version: -

Trust: 0.8

vendor:アップルmodel:macos big surscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:レッドハットmodel:jboss core servicesscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-016760 // NVD: CVE-2020-25709

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-25709
value: HIGH

Trust: 1.0

NVD: CVE-2020-25709
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202011-1517
value: HIGH

Trust: 0.6

VULHUB: VHN-179714
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-25709
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-25709
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-179714
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-25709
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-25709
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-179714 // VULMON: CVE-2020-25709 // JVNDB: JVNDB-2020-016760 // CNNVD: CNNVD-202011-1517 // NVD: CVE-2020-25709

PROBLEMTYPE DATA

problemtype:CWE-617

Trust: 1.1

problemtype:Reachable assertions (CWE-617) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-179714 // JVNDB: JVNDB-2020-016760 // NVD: CVE-2020-25709

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 160180 // PACKETSTORM: 160109 // PACKETSTORM: 168945 // CNNVD: CNNVD-202011-1517

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-1517

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-179714

PATCH

title:HT212147 Red hat Red Hat Bugzillaurl:https://lists.debian.org/debian-lts-announce/2020/12/msg00008.html

Trust: 0.8

title:OpenLDAP Certificate List Syntax Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135752

Trust: 0.6

title:Red Hat: Moderate: openldap security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220621 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-4792-1 openldap -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=f8947968aa4f0306f1365e97470d4150

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1770url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1770

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift GitOps security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221039 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift GitOps security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221042 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220856 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221396 - Security Advisory

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:myapp-container-jaxrsurl:https://github.com/akiraabe/myapp-container-jaxrs

Trust: 0.1

sources: VULMON: CVE-2020-25709 // JVNDB: JVNDB-2020-016760 // CNNVD: CNNVD-202011-1517

EXTERNAL IDS

db:NVDid:CVE-2020-25709

Trust: 4.1

db:PACKETSTORMid:166437

Trust: 0.8

db:PACKETSTORMid:160180

Trust: 0.8

db:PACKETSTORMid:166119

Trust: 0.8

db:PACKETSTORMid:166309

Trust: 0.8

db:PACKETSTORMid:160109

Trust: 0.8

db:JVNDBid:JVNDB-2020-016760

Trust: 0.8

db:PACKETSTORMid:161245

Trust: 0.7

db:AUSCERTid:ESB-2022.1263

Trust: 0.6

db:AUSCERTid:ESB-2022.0779

Trust: 0.6

db:AUSCERTid:ESB-2022.1071

Trust: 0.6

db:AUSCERTid:ESB-2020.4187

Trust: 0.6

db:AUSCERTid:ESB-2021.0349

Trust: 0.6

db:AUSCERTid:ESB-2022.3348

Trust: 0.6

db:AUSCERTid:ESB-2020.4077

Trust: 0.6

db:AUSCERTid:ESB-2021.0196

Trust: 0.6

db:AUSCERTid:ESB-2020.4301

Trust: 0.6

db:AUSCERTid:ESB-2022.1677

Trust: 0.6

db:ICS CERTid:ICSA-22-116-01

Trust: 0.6

db:PACKETSTORMid:166789

Trust: 0.6

db:CS-HELPid:SB2022072111

Trust: 0.6

db:CS-HELPid:SB2022070813

Trust: 0.6

db:CS-HELPid:SB2022022228

Trust: 0.6

db:CS-HELPid:SB2022032445

Trust: 0.6

db:CS-HELPid:SB2022022527

Trust: 0.6

db:CNNVDid:CNNVD-202011-1517

Trust: 0.6

db:PACKETSTORMid:166431

Trust: 0.2

db:CNVDid:CNVD-2020-65147

Trust: 0.1

db:VULHUBid:VHN-179714

Trust: 0.1

db:VULMONid:CVE-2020-25709

Trust: 0.1

db:PACKETSTORMid:168945

Trust: 0.1

sources: VULHUB: VHN-179714 // VULMON: CVE-2020-25709 // JVNDB: JVNDB-2020-016760 // PACKETSTORM: 166309 // PACKETSTORM: 166431 // PACKETSTORM: 166437 // PACKETSTORM: 160180 // PACKETSTORM: 166119 // PACKETSTORM: 160109 // PACKETSTORM: 168945 // CNNVD: CNNVD-202011-1517 // NVD: CVE-2020-25709

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-25709

Trust: 2.1

url:https://security.netapp.com/advisory/ntap-20210716-0003/

Trust: 1.7

url:https://support.apple.com/kb/ht212147

Trust: 1.7

url:https://www.debian.org/security/2020/dsa-4792

Trust: 1.7

url:http://seclists.org/fulldisclosure/2021/feb/14

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=1899675

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/12/msg00008.html

Trust: 1.7

url:https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3cissues.bookkeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3cissues.bookkeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3cissues.bookkeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3cissues.bookkeeper.apache.org%3e

Trust: 0.7

url:https://packetstormsecurity.com/files/166309/red-hat-security-advisory-2022-0856-01.html

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-116-01

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072111

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4301/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1071

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0349/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4187/

Trust: 0.6

url:https://packetstormsecurity.com/files/166119/red-hat-security-advisory-2022-0621-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0779

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032445

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3348

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4077/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1263

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022022527

Trust: 0.6

url:https://packetstormsecurity.com/files/161245/apple-security-advisory-2021-02-01-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022022228

Trust: 0.6

url:https://support.apple.com/en-us/ht212147

Trust: 0.6

url:https://packetstormsecurity.com/files/160109/ubuntu-security-notice-usn-4634-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0196/

Trust: 0.6

url:https://packetstormsecurity.com/files/166789/red-hat-security-advisory-2022-1396-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/160180/ubuntu-security-notice-usn-4634-2.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070813

Trust: 0.6

url:https://vigilance.fr/vulnerability/openldap-assertion-error-via-certificate-list-syntax-33910

Trust: 0.6

url:https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1677

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-25710

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-25710

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-25709

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22825

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1025

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23219

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25315

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23177

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22824

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-31566

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22823

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23219

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23218

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22822

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23308

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23852

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22823

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22826

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-24407

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22827

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22824

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-45960

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24731

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22822

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23218

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-46143

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3999

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-24730

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22827

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23308

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-46143

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22825

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25235

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-45960

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24730

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22826

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23177

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1025

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23852

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3999

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-31566

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25236

Trust: 0.2

url:https://usn.ubuntu.com/4634-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23434

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0185

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22942

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0466

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3564

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0920

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4122

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0466

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0856

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25214

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20231

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3752

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4019

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4192

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3984

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3573

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4193

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25214

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0920

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3872

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39241

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3521

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0261

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1042

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0361

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0261

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0318

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0413

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0392

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0361

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0359

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0318

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0392

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0413

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0359

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25236

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25315

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24731

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25235

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1039

Trust: 0.1

url:https://usn.ubuntu.com/4634-2

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0621

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.8

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openldap/2.4.53+dfsg-1ubuntu1.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.11

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openldap

Trust: 0.1

sources: VULHUB: VHN-179714 // JVNDB: JVNDB-2020-016760 // PACKETSTORM: 166309 // PACKETSTORM: 166431 // PACKETSTORM: 166437 // PACKETSTORM: 160180 // PACKETSTORM: 166119 // PACKETSTORM: 160109 // PACKETSTORM: 168945 // CNNVD: CNNVD-202011-1517 // NVD: CVE-2020-25709

CREDITS

Apple

Trust: 0.6

sources: CNNVD: CNNVD-202011-1517

SOURCES

db:VULHUBid:VHN-179714
db:VULMONid:CVE-2020-25709
db:JVNDBid:JVNDB-2020-016760
db:PACKETSTORMid:166309
db:PACKETSTORMid:166431
db:PACKETSTORMid:166437
db:PACKETSTORMid:160180
db:PACKETSTORMid:166119
db:PACKETSTORMid:160109
db:PACKETSTORMid:168945
db:CNNVDid:CNNVD-202011-1517
db:NVDid:CVE-2020-25709

LAST UPDATE DATE

2024-11-23T19:51:21.326000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-179714date:2021-09-14T00:00:00
db:VULMONid:CVE-2020-25709date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2020-016760date:2022-01-26T09:04:00
db:CNNVDid:CNNVD-202011-1517date:2022-07-22T00:00:00
db:NVDid:CVE-2020-25709date:2023-11-07T03:20:23.747

SOURCES RELEASE DATE

db:VULHUBid:VHN-179714date:2021-05-18T00:00:00
db:VULMONid:CVE-2020-25709date:2021-05-18T00:00:00
db:JVNDBid:JVNDB-2020-016760date:2022-01-26T00:00:00
db:PACKETSTORMid:166309date:2022-03-15T15:44:21
db:PACKETSTORMid:166431date:2022-03-24T14:34:35
db:PACKETSTORMid:166437date:2022-03-24T14:40:17
db:PACKETSTORMid:160180date:2020-11-23T15:40:55
db:PACKETSTORMid:166119date:2022-02-23T13:46:00
db:PACKETSTORMid:160109date:2020-11-17T16:03:33
db:PACKETSTORMid:168945date:2020-11-28T20:12:00
db:CNNVDid:CNNVD-202011-1517date:2020-11-17T00:00:00
db:NVDid:CVE-2020-25709date:2021-05-18T12:15:07.673