var-202004-0530
Vulnerability from variot
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). OpenLDAP Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. The filter.c file of slapd in versions earlier than OpenLDAP 2.4.50 has a security vulnerability. ========================================================================= Ubuntu Security Notice USN-4352-2 May 06, 2020
openldap vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
OpenLDAP could be made to crash if it received specially crafted network traffic. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: slapd 2.4.31-1+nmu2ubuntu8.5+esm2
Ubuntu 12.04 ESM: slapd 2.4.28-1.1ubuntu4.10
In general, a standard system update will make all the necessary changes.
Bug Fix(es):
-
Gather image registry config (backport to 4.3) (BZ#1836815)
-
Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist (BZ#1849176)
-
Login with OpenShift not working after cluster upgrade (BZ#1852429)
-
Limit the size of gathered federated metrics from alerts in Insights Operator (BZ#1874018)
-
[4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs (BZ#1879110)
-
[release 4.3] OpenShift APIs become unavailable for more than 15 minutes after one of master nodes went down(OAuth) (BZ#1880293)
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-x86_64
The image digest is sha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-s390x The image digest is sha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le
The image digest is sha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc
- Solution:
For OpenShift Container Platform 4.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.3/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1836815 - Gather image registry config (backport to 4.3) 1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist 1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator 1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized 1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs
- Summary:
Red Hat Ansible Automation Platform Resource Operator 1.2 (technical preview) images that fix several security issues. Description:
Red Hat Ansible Automation Platform Resource Operator container images with security fixes.
Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openldap security update Advisory ID: RHSA-2020:4041-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4041 Issue date: 2020-09-29 CVE Names: CVE-2020-12243 ==================================================================== 1. Summary:
An update for openldap is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openldap-2.4.44-22.el7.src.rpm
x86_64: openldap-2.4.44-22.el7.i686.rpm openldap-2.4.44-22.el7.x86_64.rpm openldap-clients-2.4.44-22.el7.x86_64.rpm openldap-debuginfo-2.4.44-22.el7.i686.rpm openldap-debuginfo-2.4.44-22.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openldap-debuginfo-2.4.44-22.el7.i686.rpm openldap-debuginfo-2.4.44-22.el7.x86_64.rpm openldap-devel-2.4.44-22.el7.i686.rpm openldap-devel-2.4.44-22.el7.x86_64.rpm openldap-servers-2.4.44-22.el7.x86_64.rpm openldap-servers-sql-2.4.44-22.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openldap-2.4.44-22.el7.src.rpm
x86_64: openldap-2.4.44-22.el7.i686.rpm openldap-2.4.44-22.el7.x86_64.rpm openldap-clients-2.4.44-22.el7.x86_64.rpm openldap-debuginfo-2.4.44-22.el7.i686.rpm openldap-debuginfo-2.4.44-22.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openldap-debuginfo-2.4.44-22.el7.i686.rpm openldap-debuginfo-2.4.44-22.el7.x86_64.rpm openldap-devel-2.4.44-22.el7.i686.rpm openldap-devel-2.4.44-22.el7.x86_64.rpm openldap-servers-2.4.44-22.el7.x86_64.rpm openldap-servers-sql-2.4.44-22.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openldap-2.4.44-22.el7.src.rpm
ppc64: openldap-2.4.44-22.el7.ppc.rpm openldap-2.4.44-22.el7.ppc64.rpm openldap-clients-2.4.44-22.el7.ppc64.rpm openldap-debuginfo-2.4.44-22.el7.ppc.rpm openldap-debuginfo-2.4.44-22.el7.ppc64.rpm openldap-devel-2.4.44-22.el7.ppc.rpm openldap-devel-2.4.44-22.el7.ppc64.rpm openldap-servers-2.4.44-22.el7.ppc64.rpm
ppc64le: openldap-2.4.44-22.el7.ppc64le.rpm openldap-clients-2.4.44-22.el7.ppc64le.rpm openldap-debuginfo-2.4.44-22.el7.ppc64le.rpm openldap-devel-2.4.44-22.el7.ppc64le.rpm openldap-servers-2.4.44-22.el7.ppc64le.rpm
s390x: openldap-2.4.44-22.el7.s390.rpm openldap-2.4.44-22.el7.s390x.rpm openldap-clients-2.4.44-22.el7.s390x.rpm openldap-debuginfo-2.4.44-22.el7.s390.rpm openldap-debuginfo-2.4.44-22.el7.s390x.rpm openldap-devel-2.4.44-22.el7.s390.rpm openldap-devel-2.4.44-22.el7.s390x.rpm openldap-servers-2.4.44-22.el7.s390x.rpm
x86_64: openldap-2.4.44-22.el7.i686.rpm openldap-2.4.44-22.el7.x86_64.rpm openldap-clients-2.4.44-22.el7.x86_64.rpm openldap-debuginfo-2.4.44-22.el7.i686.rpm openldap-debuginfo-2.4.44-22.el7.x86_64.rpm openldap-devel-2.4.44-22.el7.i686.rpm openldap-devel-2.4.44-22.el7.x86_64.rpm openldap-servers-2.4.44-22.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openldap-debuginfo-2.4.44-22.el7.ppc64.rpm openldap-servers-sql-2.4.44-22.el7.ppc64.rpm
ppc64le: openldap-debuginfo-2.4.44-22.el7.ppc64le.rpm openldap-servers-sql-2.4.44-22.el7.ppc64le.rpm
s390x: openldap-debuginfo-2.4.44-22.el7.s390x.rpm openldap-servers-sql-2.4.44-22.el7.s390x.rpm
x86_64: openldap-debuginfo-2.4.44-22.el7.x86_64.rpm openldap-servers-sql-2.4.44-22.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openldap-2.4.44-22.el7.src.rpm
x86_64: openldap-2.4.44-22.el7.i686.rpm openldap-2.4.44-22.el7.x86_64.rpm openldap-clients-2.4.44-22.el7.x86_64.rpm openldap-debuginfo-2.4.44-22.el7.i686.rpm openldap-debuginfo-2.4.44-22.el7.x86_64.rpm openldap-devel-2.4.44-22.el7.i686.rpm openldap-devel-2.4.44-22.el7.x86_64.rpm openldap-servers-2.4.44-22.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openldap-debuginfo-2.4.44-22.el7.x86_64.rpm openldap-servers-sql-2.4.44-22.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-12243 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX3Of5NzjgjWX9erEAQjUBg/+LuTU5msGMECYNN1kTZeKEOLCX9BedipK jEUYzVTDdrrVglmfre4vnt8I5vLaVHoWD9Azv/0T7C7PqoDQTa+DuXgmUJ0gST8u MVhEsiDzTb2JPEPT0G5Mn/S7bL5buthYDlHJxTlnPimuvYBYIRRnP/65Kw0KnKyH Jd0lheTvX0I6MbH+vArqU6LHeX21tvfPHlqfPWz3adCvqk7T0mKTM2N2qbeaeyMk NPkqy4L/79s897+76c8PaS9VNIC+zTq78V24n/VXE29tYr6lz5AI/PsyqqAg9u2W RwfngfaX47EBTWo5z+Wm3q+Jr2zpv2zEBOu0yxl/PUH0Knk2S5pu1u7Ou7jDC3ty 4mCWo50wLOjkXspYQ1TWBhlGTe2fTVhH3l5emSR2z7y8bOKXR+GTS16uJ/un/Plr 0AU3pnJNPTtEYGzvNRNrw2IFsN3TAnhZnve0LerryIsyc/3tz6UhdeLKCw5lScYl ljGRanFYnwLL9+/h0CgjudrjtkB7F0SYNwiuSvr4yeAGG+/B6KFvtdii99azWhKf BqT1maqEizgtGaWIenkEMHYWHReC79Q+0DC9cyZGe5NJlndXZP0i1IkzL6wOLbAS DFqkF35KUgcQFh+kyPblKhX3HK3ZtBEFTeoV6rEQsgV8bU9HqFd1rjt/805/rIjk ZiAkpTmTglI=6TQF -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
For the oldstable distribution (stretch), this problem has been fixed in version 2.4.44+dfsg-5+deb9u4.
For the stable distribution (buster), this problem has been fixed in version 2.4.47+dfsg-3+deb10u2.
For the detailed security status of openldap please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openldap
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6ofsxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Qx4Q//dOnPiP6bKHrFUFtyv59tV5Zpa1jJ6BmIr3/5ueODnBu8MHLJw8503zLJ I43LDTzvGkXrxy0Y28YC5Qpv1oHW3gvPzFsTrn2DObeUnHlKOOUsyzz3saHXyyzQ ki+2UGsUXydSazDMeJzcoMfRdVpCtjc+GNTb/y7nxgwoKrz/WJplGstp2ibd8ftv Ju4uT8VJZcC3IEGhkYXJ7TENlegOK2FCewYMZARrNT/tjIDyAqfKi2muCg7oadx/ 5WZGLW7Pdw25jFknVy/Y7fEyJDWQdPH7NchK5tZy6D1lWQh67GcvJFSo5HICwb+n FilP29mIBbS96JQq6u5jWWMpAD6RPCtIltak4QdYptjdrQnTDFy3RJSTdZeis8ty HKwYJgNzVG6SCy04t3D+zeMbgEZOvj6GWrURQUqZJQmc4V9l89E0/D7zV3AX9Q9v 0hKEtpc//bZrS71QVqJvkWvrgfutB72Vnqfull+DBxvt33ma5W2il6kxGMwJK3S9 0lk60dzEDCdYp8TE61y8N4z+2IB/Otg9Ni2I8pmaE5s1/ZUva+8GhSjbmGyIhbpk p55kTiZUgpmu6EK2Kvjkh9rMlaa1IHXL8tdrbo8pRVtQHlA8/HUgoGiUHuX1h+Kw LZVjIV/L4qOFQ54uMbSscZgMEvhfW00fe3o2zI8WQZ9IPCQ3oRg= =K3JD -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0530",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.13.6"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.6"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.13.0"
},
{
"model": "brocade fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.10"
},
{
"model": "openldap",
"scope": "lt",
"trust": 1.0,
"vendor": "openldap",
"version": "2.4.50"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.13.6"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10"
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "20.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "openldap",
"scope": "eq",
"trust": 0.8,
"vendor": "openldap",
"version": "2.4.50"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005084"
},
{
"db": "NVD",
"id": "CVE-2020-12243"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:openldap:openldap",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005084"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159661"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "159347"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2326"
}
],
"trust": 0.9
},
"cve": "CVE-2020-12243",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-12243",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005084",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-164902",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12243",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005084",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12243",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005084",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2326",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-164902",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-12243",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164902"
},
{
"db": "VULMON",
"id": "CVE-2020-12243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005084"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2326"
},
{
"db": "NVD",
"id": "CVE-2020-12243"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). OpenLDAP Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. The filter.c file of slapd in versions earlier than OpenLDAP 2.4.50 has a security vulnerability. =========================================================================\nUbuntu Security Notice USN-4352-2\nMay 06, 2020\n\nopenldap vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nOpenLDAP could be made to crash if it received specially crafted\nnetwork traffic. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that OpenLDAP incorrectly handled certain queries. A\n remote attacker could possibly use this issue to cause OpenLDAP to consume\n resources, resulting in a denial of service. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n slapd 2.4.31-1+nmu2ubuntu8.5+esm2\n\nUbuntu 12.04 ESM:\n slapd 2.4.28-1.1ubuntu4.10\n\nIn general, a standard system update will make all the necessary changes. \n\nBug Fix(es):\n\n* Gather image registry config (backport to 4.3) (BZ#1836815)\n\n* Builds fail after running postCommit script if OCP cluster is configured\nwith a container registry whitelist (BZ#1849176)\n\n* Login with OpenShift not working after cluster upgrade (BZ#1852429)\n\n* Limit the size of gathered federated metrics from alerts in Insights\nOperator (BZ#1874018)\n\n* [4.3] Storage operator stops reconciling when going Upgradeable=False on\nv1alpha1 CRDs (BZ#1879110)\n\n* [release 4.3] OpenShift APIs become unavailable for more than 15 minutes\nafter one of master nodes went down(OAuth) (BZ#1880293)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-x86_64\n\nThe image digest is\nsha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-s390x\nThe image digest is\nsha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le\n\nThe image digest is\nsha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc\n\n3. Solution:\n\nFor OpenShift Container Platform 4.3 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.3/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1836815 - Gather image registry config (backport to 4.3)\n1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist\n1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator\n1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized\n1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs\n\n5. Summary:\n\nRed Hat Ansible Automation Platform Resource Operator 1.2 (technical\npreview) images that fix several security issues. Description:\n\nRed Hat Ansible Automation Platform Resource Operator container images\nwith security fixes. \n\nAnsible Automation Platform manages Ansible Platform jobs and workflows\nthat can interface with any infrastructure on a Red Hat OpenShift Container\nPlatform cluster, or on a traditional infrastructure that is running\noff-cluster. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module\n1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values\n1916813 - CVE-2021-20191 ansible: multiple modules expose secured values\n1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option\n1939349 - CVE-2021-3447 ansible: multiple modules expose secured values\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: openldap security update\nAdvisory ID: RHSA-2020:4041-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4041\nIssue date: 2020-09-29\nCVE Names: CVE-2020-12243\n====================================================================\n1. Summary:\n\nAn update for openldap is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenLDAP is an open-source suite of Lightweight Directory Access Protocol\n(LDAP) applications and development tools. LDAP is a set of protocols used\nto access and maintain distributed directory information services over an\nIP network. The openldap packages contain configuration files, libraries,\nand documentation for OpenLDAP. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.9 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenldap-2.4.44-22.el7.src.rpm\n\nx86_64:\nopenldap-2.4.44-22.el7.i686.rpm\nopenldap-2.4.44-22.el7.x86_64.rpm\nopenldap-clients-2.4.44-22.el7.x86_64.rpm\nopenldap-debuginfo-2.4.44-22.el7.i686.rpm\nopenldap-debuginfo-2.4.44-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenldap-debuginfo-2.4.44-22.el7.i686.rpm\nopenldap-debuginfo-2.4.44-22.el7.x86_64.rpm\nopenldap-devel-2.4.44-22.el7.i686.rpm\nopenldap-devel-2.4.44-22.el7.x86_64.rpm\nopenldap-servers-2.4.44-22.el7.x86_64.rpm\nopenldap-servers-sql-2.4.44-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenldap-2.4.44-22.el7.src.rpm\n\nx86_64:\nopenldap-2.4.44-22.el7.i686.rpm\nopenldap-2.4.44-22.el7.x86_64.rpm\nopenldap-clients-2.4.44-22.el7.x86_64.rpm\nopenldap-debuginfo-2.4.44-22.el7.i686.rpm\nopenldap-debuginfo-2.4.44-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenldap-debuginfo-2.4.44-22.el7.i686.rpm\nopenldap-debuginfo-2.4.44-22.el7.x86_64.rpm\nopenldap-devel-2.4.44-22.el7.i686.rpm\nopenldap-devel-2.4.44-22.el7.x86_64.rpm\nopenldap-servers-2.4.44-22.el7.x86_64.rpm\nopenldap-servers-sql-2.4.44-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenldap-2.4.44-22.el7.src.rpm\n\nppc64:\nopenldap-2.4.44-22.el7.ppc.rpm\nopenldap-2.4.44-22.el7.ppc64.rpm\nopenldap-clients-2.4.44-22.el7.ppc64.rpm\nopenldap-debuginfo-2.4.44-22.el7.ppc.rpm\nopenldap-debuginfo-2.4.44-22.el7.ppc64.rpm\nopenldap-devel-2.4.44-22.el7.ppc.rpm\nopenldap-devel-2.4.44-22.el7.ppc64.rpm\nopenldap-servers-2.4.44-22.el7.ppc64.rpm\n\nppc64le:\nopenldap-2.4.44-22.el7.ppc64le.rpm\nopenldap-clients-2.4.44-22.el7.ppc64le.rpm\nopenldap-debuginfo-2.4.44-22.el7.ppc64le.rpm\nopenldap-devel-2.4.44-22.el7.ppc64le.rpm\nopenldap-servers-2.4.44-22.el7.ppc64le.rpm\n\ns390x:\nopenldap-2.4.44-22.el7.s390.rpm\nopenldap-2.4.44-22.el7.s390x.rpm\nopenldap-clients-2.4.44-22.el7.s390x.rpm\nopenldap-debuginfo-2.4.44-22.el7.s390.rpm\nopenldap-debuginfo-2.4.44-22.el7.s390x.rpm\nopenldap-devel-2.4.44-22.el7.s390.rpm\nopenldap-devel-2.4.44-22.el7.s390x.rpm\nopenldap-servers-2.4.44-22.el7.s390x.rpm\n\nx86_64:\nopenldap-2.4.44-22.el7.i686.rpm\nopenldap-2.4.44-22.el7.x86_64.rpm\nopenldap-clients-2.4.44-22.el7.x86_64.rpm\nopenldap-debuginfo-2.4.44-22.el7.i686.rpm\nopenldap-debuginfo-2.4.44-22.el7.x86_64.rpm\nopenldap-devel-2.4.44-22.el7.i686.rpm\nopenldap-devel-2.4.44-22.el7.x86_64.rpm\nopenldap-servers-2.4.44-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenldap-debuginfo-2.4.44-22.el7.ppc64.rpm\nopenldap-servers-sql-2.4.44-22.el7.ppc64.rpm\n\nppc64le:\nopenldap-debuginfo-2.4.44-22.el7.ppc64le.rpm\nopenldap-servers-sql-2.4.44-22.el7.ppc64le.rpm\n\ns390x:\nopenldap-debuginfo-2.4.44-22.el7.s390x.rpm\nopenldap-servers-sql-2.4.44-22.el7.s390x.rpm\n\nx86_64:\nopenldap-debuginfo-2.4.44-22.el7.x86_64.rpm\nopenldap-servers-sql-2.4.44-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenldap-2.4.44-22.el7.src.rpm\n\nx86_64:\nopenldap-2.4.44-22.el7.i686.rpm\nopenldap-2.4.44-22.el7.x86_64.rpm\nopenldap-clients-2.4.44-22.el7.x86_64.rpm\nopenldap-debuginfo-2.4.44-22.el7.i686.rpm\nopenldap-debuginfo-2.4.44-22.el7.x86_64.rpm\nopenldap-devel-2.4.44-22.el7.i686.rpm\nopenldap-devel-2.4.44-22.el7.x86_64.rpm\nopenldap-servers-2.4.44-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenldap-debuginfo-2.4.44-22.el7.x86_64.rpm\nopenldap-servers-sql-2.4.44-22.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-12243\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3Of5NzjgjWX9erEAQjUBg/+LuTU5msGMECYNN1kTZeKEOLCX9BedipK\njEUYzVTDdrrVglmfre4vnt8I5vLaVHoWD9Azv/0T7C7PqoDQTa+DuXgmUJ0gST8u\nMVhEsiDzTb2JPEPT0G5Mn/S7bL5buthYDlHJxTlnPimuvYBYIRRnP/65Kw0KnKyH\nJd0lheTvX0I6MbH+vArqU6LHeX21tvfPHlqfPWz3adCvqk7T0mKTM2N2qbeaeyMk\nNPkqy4L/79s897+76c8PaS9VNIC+zTq78V24n/VXE29tYr6lz5AI/PsyqqAg9u2W\nRwfngfaX47EBTWo5z+Wm3q+Jr2zpv2zEBOu0yxl/PUH0Knk2S5pu1u7Ou7jDC3ty\n4mCWo50wLOjkXspYQ1TWBhlGTe2fTVhH3l5emSR2z7y8bOKXR+GTS16uJ/un/Plr\n0AU3pnJNPTtEYGzvNRNrw2IFsN3TAnhZnve0LerryIsyc/3tz6UhdeLKCw5lScYl\nljGRanFYnwLL9+/h0CgjudrjtkB7F0SYNwiuSvr4yeAGG+/B6KFvtdii99azWhKf\nBqT1maqEizgtGaWIenkEMHYWHReC79Q+0DC9cyZGe5NJlndXZP0i1IkzL6wOLbAS\nDFqkF35KUgcQFh+kyPblKhX3HK3ZtBEFTeoV6rEQsgV8bU9HqFd1rjt/805/rIjk\nZiAkpTmTglI=6TQF\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 2.4.44+dfsg-5+deb9u4. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 2.4.47+dfsg-3+deb10u2. \n\nFor the detailed security status of openldap please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/openldap\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6ofsxfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0Qx4Q//dOnPiP6bKHrFUFtyv59tV5Zpa1jJ6BmIr3/5ueODnBu8MHLJw8503zLJ\nI43LDTzvGkXrxy0Y28YC5Qpv1oHW3gvPzFsTrn2DObeUnHlKOOUsyzz3saHXyyzQ\nki+2UGsUXydSazDMeJzcoMfRdVpCtjc+GNTb/y7nxgwoKrz/WJplGstp2ibd8ftv\nJu4uT8VJZcC3IEGhkYXJ7TENlegOK2FCewYMZARrNT/tjIDyAqfKi2muCg7oadx/\n5WZGLW7Pdw25jFknVy/Y7fEyJDWQdPH7NchK5tZy6D1lWQh67GcvJFSo5HICwb+n\nFilP29mIBbS96JQq6u5jWWMpAD6RPCtIltak4QdYptjdrQnTDFy3RJSTdZeis8ty\nHKwYJgNzVG6SCy04t3D+zeMbgEZOvj6GWrURQUqZJQmc4V9l89E0/D7zV3AX9Q9v\n0hKEtpc//bZrS71QVqJvkWvrgfutB72Vnqfull+DBxvt33ma5W2il6kxGMwJK3S9\n0lk60dzEDCdYp8TE61y8N4z+2IB/Otg9Ni2I8pmaE5s1/ZUva+8GhSjbmGyIhbpk\np55kTiZUgpmu6EK2Kvjkh9rMlaa1IHXL8tdrbo8pRVtQHlA8/HUgoGiUHuX1h+Kw\nLZVjIV/L4qOFQ54uMbSscZgMEvhfW00fe3o2zI8WQZ9IPCQ3oRg=\n=K3JD\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005084"
},
{
"db": "VULHUB",
"id": "VHN-164902"
},
{
"db": "VULMON",
"id": "CVE-2020-12243"
},
{
"db": "PACKETSTORM",
"id": "157602"
},
{
"db": "PACKETSTORM",
"id": "159661"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "157601"
},
{
"db": "PACKETSTORM",
"id": "159347"
},
{
"db": "PACKETSTORM",
"id": "168811"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12243",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "157602",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159347",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162142",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005084",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2326",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161727",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161916",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162130",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159553",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-116-01",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.1207",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1637",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2604",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0845",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1742.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3631",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1742",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1458",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0986",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3535",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1193",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1569",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1613",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157601",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159552",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-27485",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-164902",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-12243",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159661",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168811",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164902"
},
{
"db": "VULMON",
"id": "CVE-2020-12243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005084"
},
{
"db": "PACKETSTORM",
"id": "157602"
},
{
"db": "PACKETSTORM",
"id": "159661"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "157601"
},
{
"db": "PACKETSTORM",
"id": "159347"
},
{
"db": "PACKETSTORM",
"id": "168811"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2326"
},
{
"db": "NVD",
"id": "CVE-2020-12243"
}
]
},
"id": "VAR-202004-0530",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-164902"
}
],
"trust": 0.725
},
"last_update_date": "2024-09-19T21:43:28.668000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[SECURITY] [DLA 2199-1] openldap security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html"
},
{
"title": "DSA-4666",
"trust": 0.8,
"url": "https://www.debian.org/security/2020/dsa-4666"
},
{
"title": "Issue#9248",
"trust": 0.8,
"url": "https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES"
},
{
"title": "ITS#9202 limit depth of nested filters",
"trust": 0.8,
"url": "https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440"
},
{
"title": "Issue 9202",
"trust": 0.8,
"url": "https://bugs.openldap.org/show_bug.cgi?id=9202"
},
{
"title": "OpenLDAP Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118093"
},
{
"title": "Red Hat: Moderate: openldap security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204041 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: openldap vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4352-1"
},
{
"title": "Ubuntu Security Notice: openldap vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4352-2"
},
{
"title": "Debian Security Advisories: DSA-4666-1 openldap -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=fb4df889a45e12b120ab07487d89cbed"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1539",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1539"
},
{
"title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204254 - Security Advisory"
},
{
"title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204255 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4ca8040b949152189bea3a3126afcd39"
},
{
"title": "Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204264 - Security Advisory"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-12243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005084"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2326"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-674",
"trust": 1.1
},
{
"problemtype": "CWE-400",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164902"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005084"
},
{
"db": "NVD",
"id": "CVE-2020-12243"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://usn.ubuntu.com/4352-1/"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
},
{
"trust": 1.8,
"url": "https://git.openldap.org/openldap/openldap/-/blob/openldap_rel_eng_2_4/changes"
},
{
"trust": 1.8,
"url": "https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20200511-0003/"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht211289"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2020/dsa-4666"
},
{
"trust": 1.8,
"url": "https://bugs.openldap.org/show_bug.cgi?id=9202"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/4352-2/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12243"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1742.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3535/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1458/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1569/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-116-01"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht211289"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0986"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/openldap-denial-of-service-via-search-filters-32124"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1207"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0845"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159347/red-hat-security-advisory-2020-4041-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157602/ubuntu-security-notice-usn-4352-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1637/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1613/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1193"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3631/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1742/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-12243"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:4041"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/4352-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12749"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17023"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-6829"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12652"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12403"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11756"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14973"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17498"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17006"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17546"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12400"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11727"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14973"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12402"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-12652"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12401"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5188"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/674.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-116-01"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4352-2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4264"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-2974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2226"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2780"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20386"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14352"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2225"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2182"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.3/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20386"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-18190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2224"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1079"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8625"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20228"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3156"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5313"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5313"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openldap/2.4.48+dfsg-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/openldap"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164902"
},
{
"db": "VULMON",
"id": "CVE-2020-12243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005084"
},
{
"db": "PACKETSTORM",
"id": "157602"
},
{
"db": "PACKETSTORM",
"id": "159661"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "157601"
},
{
"db": "PACKETSTORM",
"id": "159347"
},
{
"db": "PACKETSTORM",
"id": "168811"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2326"
},
{
"db": "NVD",
"id": "CVE-2020-12243"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-164902"
},
{
"db": "VULMON",
"id": "CVE-2020-12243"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005084"
},
{
"db": "PACKETSTORM",
"id": "157602"
},
{
"db": "PACKETSTORM",
"id": "159661"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "157601"
},
{
"db": "PACKETSTORM",
"id": "159347"
},
{
"db": "PACKETSTORM",
"id": "168811"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2326"
},
{
"db": "NVD",
"id": "CVE-2020-12243"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-164902"
},
{
"date": "2020-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12243"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005084"
},
{
"date": "2020-05-07T15:33:32",
"db": "PACKETSTORM",
"id": "157602"
},
{
"date": "2020-10-21T15:40:32",
"db": "PACKETSTORM",
"id": "159661"
},
{
"date": "2021-04-09T15:06:13",
"db": "PACKETSTORM",
"id": "162142"
},
{
"date": "2020-05-07T15:33:27",
"db": "PACKETSTORM",
"id": "157601"
},
{
"date": "2020-09-30T15:43:05",
"db": "PACKETSTORM",
"id": "159347"
},
{
"date": "2020-04-28T19:12:00",
"db": "PACKETSTORM",
"id": "168811"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2326"
},
{
"date": "2020-04-28T19:15:12.267000",
"db": "NVD",
"id": "CVE-2020-12243"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-164902"
},
{
"date": "2022-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12243"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005084"
},
{
"date": "2022-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2326"
},
{
"date": "2022-04-29T13:24:38.527000",
"db": "NVD",
"id": "CVE-2020-12243"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "157602"
},
{
"db": "PACKETSTORM",
"id": "157601"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2326"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenLDAP Resource exhaustion vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005084"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2326"
}
],
"trust": 0.6
}
}
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.