69 matches found

OSV
added 2026/04/23 8:31 p.m., 3 views

CLSA-2025-1758645818 openldap: Fix of 14 CVEs

Rebase to 2.4.58 to fix the following vulnerabilities: - CVE-2020-12243: fix denial of service caused by LDAP search filters with nested boolean expressions - CVE-2020-36221: fix integer underflow in the Certificate Exact Assertion processing - CVE-2020-36223: fix slapd crash in the Values Return...

CVSS 7.5, AI score 7.1, EPSS 0.7152
Exploits: 1, References: 1

Tenable Nessus
added 2026/01/20 12:00 a.m., 2 views

MiracleLinux 8 : krb5-1.18.2-8.3.el8 (AXSA:2021-2428:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2428:02 advisory. krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to D...

CVSS 7.5, AI score 6.9, EPSS 0.06615
Exploits: 0, References: 3

Tenable Nessus
added 2025/11/13 12:00 a.m., 3 views

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2021-36222)

ecverify in kdc/kdcpreauthec.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. This...

CVSS 7.5, AI score 6.8, EPSS 0.06615
Exploits: 0, References: 4

Circl
added 2025/09/12 1:02 a.m., 4 views

CVE-2025-36222

creationtimestamp | type | source
---|---|---
2025-09-12 01:02:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lym2u74lrk2u...

CVSS 9.8, AI score 4.8, EPSS 0.00036
Exploits: 0, References: 1

Circl
added 2025/08/19 11:30 a.m., 1 views

CVE-2020-36222

creationtimestamp | type | source
---|---|---
2025-08-19 11:30:16+00:00 | seen | https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwqsqzfv7k2m...

CVSS 7.5, AI score 7.3, EPSS 0.46067
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 3:32 a.m., 9 views

CVE-2023-36222

Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function...

CVSS 5.4, AI score 7.2, EPSS 0.00274
Exploits: 1

RedhatCVE
added 2025/05/22 10:14 p.m., 6 views

CVE-2022-36222

Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface...

CVSS 8.4, AI score 7, EPSS 0.00124
Exploits: 1, References: 1

Rosalinux
added 2025/01/13 9:39 a.m., 15 views

Advisory ROSA-SA-2025-2550

Software: openldap 2.4.44 OS: rosa-server79 packageevrstring: openldap-2.4.44-25.0.2.res7 CVE-ID: CVE-2019-13057 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in OpenLDAP allows a server administrator with rootDN privileges to request authorization as another user from a different...

CVSS 7.5, AI score 7.2, EPSS 0.7152
Exploits: 1

Tenable Nessus
added 2024/07/24 12:00 a.m., 18 views

Photon OS 4.0: Openldap PHSA-2021-4.0-0008

An update of the openldap package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-4.0-0008. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVSS 7.5, AI score 6.8, EPSS 0.7152
Exploits: 1, References: 13

Cvelist
added 2024/06/13 7:53 a.m., 15 views

CVE-2024-36222 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires us...

CVSS 5.4, EPSS 0.04817
Exploits: 0, References: 1

OSV
added 2023/08/31 12:15 p.m., 2 views

BELL-CVE-2021-36222 CVE-2021-36222 does not affect BellSoft software

Bulletin has no description...

CVSS 7.5, AI score 5.8, EPSS 0.06615
Exploits: 0, References: 1

Circl
added 2023/07/04 12:23 a.m., 0 views

CVE-2023-36222

creationtimestamp | type | source
---|---|---
2023-07-04 00:23:05+00:00 | seen | https://t.me/cibsecurity/65894...

CVSS 5.4, AI score 5.5, EPSS 0.00274
Exploits: 1, References: 1

NVD
added 2023/07/03 9:15 p.m., 7 views

CVE-2023-36222

Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function...

CVSS 5.4, AI score 5.8, EPSS 0.00274
Exploits: 1, References: 3

Cvelist
added 2023/07/03 12:00 a.m., 10 views

CVE-2023-36222

Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function...

AI score 6, EPSS 0.00274
Exploits: 1, References: 3

Vulnrichment
added 2023/07/03 12:00 a.m., 9 views

CVE-2023-36222

Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function...

AI score 7.2, EPSS 0.00274
Exploits: 1, References: 3

CVE
added 2023/07/03 12:00 a.m., 123 views

CVE-2023-36222

CVE-2023-36222 (mlogclub/bbs-go) is a Cross Site Scripting vulnerability affecting v3.5.5 and earlier. The issue arises in the comment parameter of the article function, where crafted input can be echoed to the front end, allowing a remote attacker to execute arbitrary code via XSS. Several conne...

CVSS 5.4, AI score 5.7, EPSS 0.00274
Exploits: 1, References: 3, Affected Software: 1

Cloud Foundry
added 2023/04/29 12:00 a.m., 33 views

USN-5959-1: Kerberos vulnerabilities Severity | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Kerberos incorrectly handled memory when processing KDC data, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service ...

CVSS 7.5, AI score 7.3, EPSS 0.06615
Exploits: 0, Affected Software: 3

Ubuntu
added 2023/03/16 7:06 a.m., 68 views

USN-5959-1: Kerberos vulnerabilities

It was discovered that Kerberos incorrectly handled memory when processing KDC data, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or have other unspecified impacts. CVE-2021-36222, CVE-2021-37750...

CVSS 7.5, AI score 6.9, EPSS 0.06615
Exploits: 0

SUSE CVE
added 2023/02/15 3:39 a.m., 2 views

SUSE CVE-2021-36222

ecverify in kdc/kdcpreauthec.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation...

CVSS 7.5, AI score 6.8, EPSS 0.06615
Exploits: 0, References: 120

Circl
added 2022/12/21 10:13 p.m., 1 views

CVE-2022-36222

creationtimestamp | type | source
---|---|---
2022-12-21 22:13:17+00:00 | seen | https://t.me/cibsecurity/55086...

CVSS 8.4, AI score 8, EPSS 0.00124
Exploits: 1, References: 1