33 matches found
CLSA-2025-1758645818 openldap: Fix of 14 CVEs
Rebase to 2.4.58 to fix the following vulnerabilities:
- CVE-2020-12243: fix denial of service caused by LDAP search filters with nested boolean expressions
- CVE-2020-36221: fix integer underflow in the Certificate Exact Assertion processing
- CVE-2020-36223: fix slapd crash in the Values Return...
CVE-2025-36223
IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2020-36223)
A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
CVE-2025-36223
IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
Security Bulletin: IBM OpenPages mitigates Host header injection vulnerability (CVE-2025-36223)
Summary: A vulnerability in IBM OpenPages could allow an attacker to manipulate the Host header in a request, potentially influencing the response data. In certain redirection scenarios, user navigation could be influenced in unintended ways, potentially leading to exposure to untrusted...
Advisory ROSA-SA-2025-2550
Software: openldap 2.4.44
OS: rosa-server79
packageevrstring: openldap-2.4.44-25.0.2.res7
CVE-ID: CVE-2019-13057
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in OpenLDAP allows a server administrator with rootDN privileges to request authorization as another user from a different...
Photon OS 4.0: Openldap PHSA-2021-4.0-0008
An update of the openldap package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-4.0-0008. The text itself is copyright (C) VMware, Inc.
BELL-CVE-2020-36223 CVE-2020-36223 does not affect BellSoft software
Bulletin has no description...
CVE-2023-36223
creationtimestamp | type | source
---|---|---
2023-07-04 00:23:03+00:00 | seen | https://t.me/cibsecurity/65892...
CVE-2023-36223
Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function...
CVE-2023-36223
CVE-2023-36223 is a Cross Site Scripting (XSS) vulnerability in mlogclub/bbs-go prior to 3.5.5. The root cause is improper escaping in the announcements parameter within the settings function, allowing a remote attacker to inject and execute script code in a victim’s browser. Multiple connected s...
CVE-2023-36223
Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function...
SUSE CVE-2020-36223
A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read)...
Emby Server <= 4.7.11 XSS Vulnerability
Emby Server is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
CVE-2022-36223
Emby Server 4.6.7.0 is affected by a stored XSS in the playlist name field that can be exploited to steal the administrator access token and take over the media server administrator account. The issue is documented across multiple sources (NVD, Red Hat, CNVD, OSV, etc.). Public exploit details ar...
Huawei EulerOS: Security Advisory for openldap (EulerOS-SA-2021-2004)
The remote host is missing an update for the Huawei EulerOS...
SUSE SLES11 Security Update : openldap2 (SUSE-SU-2021:14700-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14700-1 advisory.
- An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing,...
SUSE: Security Advisory (SUSE-SU-2021:14700-1)
The remote host is missing an update for the...
Huawei EulerOS: Security Advisory for compat-openldap (EulerOS-SA-2021-1916)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for openldap (EulerOS-SA-2021-1906)
The remote host is missing an update for the Huawei EulerOS...