67 matches found
Astra Linux - vulnerability in pcs
A flaw was discovered in the Pacemaker configuration tool pcs. The pcs daemon allowed expired accounts, as well as accounts with expired passwords, to log in when using PAM authentication. As a result, unprivileged expired accounts that had been denied access could still log in...
Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider
Vulnerability in Spring Security. If an application is using the UserDetails isEnabled, isAccountNonExpired, or isAccountNonLocked user attributes to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...
CVE-2026-22746
The CVE concerns Spring Security vulnerability CVE-2026-22746 where the timing-attack defense in DaoAuthenticationProvider can be bypassed when an application uses the UserDetails attributes isEnabled, isAccountNonExpired, or isAccountNonLocked to manage user status. Affected versions include Spr...
CVE-2026-22746 User Attribute Enumeration when Using DaoAuthenticationProvider
Vulnerability in Spring Security. If an application is using the UserDetails isEnabled, isAccountNonExpired, or isAccountNonLocked user attributes to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...
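The three Spring Security entries above describe the same mechanism: when account-status checks (enabled, non-expired, non-locked) run before the password hash is computed, a disabled or expired user is rejected cheaply, so the response time tells an attacker that the account exists and is in that state, defeating the timing defense that normally makes unknown users and wrong passwords indistinguishable. The following is an added example, not Spring's code and not taken from any advisory on this page; it models that ordering in plain Python with a constructed user directory, and counts expensive hash operations as a deterministic stand-in for wall-clock timing. All names (login_vulnerable, login_hardened, USERS, DUMMY) are the example's own:

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed sample user store (assumption: a tiny in-memory directory;
# this is not Spring's UserDetailsService).
@dataclass
class User:
    username: str
    salt: bytes
    pw_hash: bytes
    enabled: bool = True
    account_non_expired: bool = True
    account_non_locked: bool = True

SALT = b"constructed-salt"
ITERATIONS = 50_000  # deliberately slow: the cost an attacker can observe

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Counter of expensive hash operations, used instead of measuring time so the
# behaviour is deterministic and testable.
HASH_CALLS = {"count": 0}

def verify(password: str, salt: bytes, expected: bytes) -> bool:
    HASH_CALLS["count"] += 1
    return hmac.compare_digest(_hash(password, salt), expected)

USERS = {
    "alice": User("alice", SALT, _hash("correct horse", SALT)),
    "bob": User("bob", SALT, _hash("battery staple", SALT), enabled=False),
    "carol": User("carol", SALT, _hash("x", SALT), account_non_expired=False),
}
# Dummy record used for unknown usernames so they still pay the hash cost
# (the intended timing defense; its password is random and never valid).
DUMMY = User("dummy", SALT, _hash(os.urandom(16).hex(), SALT))

def _status_ok(user: User) -> bool:
    return user.enabled and user.account_non_expired and user.account_non_locked

def login_vulnerable(username: str, password: str) -> bool:
    """Status checks run BEFORE the password hash: a disabled/expired/locked
    user is rejected without the hash cost, so the fast response reveals that
    the account exists and is in that state."""
    user = USERS.get(username, DUMMY)
    if not _status_ok(user):
        return False              # early exit: no hash, observable timing gap
    return verify(password, user.salt, user.pw_hash)

def login_hardened(username: str, password: str) -> bool:
    """Always perform the hash, then evaluate status, and return one uniform
    failure: unknown, wrong-password and disabled/expired users all cost the
    same."""
    user = USERS.get(username, DUMMY)
    pw_ok = verify(password, user.salt, user.pw_hash)
    status_ok = _status_ok(user)
    return pw_ok and status_ok and user is not DUMMY

def hash_calls(login, username: str, password: str) -> int:
    """Number of expensive hash operations a login attempt triggered."""
    before = HASH_CALLS["count"]
    login(username, password)
    return HASH_CALLS["count"] - before

if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "nobody"):
        print(name,
              "vulnerable:", hash_calls(login_vulnerable, name, "wrong"),
              "hardened:", hash_calls(login_hardened, name, "wrong"))
```

Run stand-alone, the vulnerable path reports zero hash operations for bob (disabled) and carol (expired) but one for alice and for an unknown name, which is exactly the distinguishing signal; the hardened path reports one for every username while still denying the disabled and expired accounts even when their password is correct.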
EUVD-1999-0398
Malware in sbrugna...
EUVD-2017-1439
Malware in sbrugna...
EUVD-2022-29588
Malicious code in bioql PyPI...
EUVD-2022-31118
Malicious code in bioql PyPI...
CVE-1999-0398
In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login...
keycloak-ldap-federation: Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak
A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled to regain access in Keycloak, bypassing AD...
CVE-2022-24755
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts...
GHSA-M3HP-8546-5QMR Duplicate Advisory: Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2p82-5wwr-43cw. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without...
CVE-2024-45647
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow an unverified user to change the password of an expired user without prior knowledge of that password...
USN-6475-1 cobbler vulnerabilities
It was discovered that Cobbler did not properly handle user input, which could result in an absolute path traversal. An attacker could possibly use this issue to read arbitrary files. CVE-2014-3225 It was discovered that Cobbler did not properly handle user input, which could result in command...
SUSE CVE-2022-1049
A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login...
Oracle Linux 9 : pcs (ELSA-2022-10007)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-10007 advisory. 0.11.3-4 - Fixed ruby socket permissions - Resolves: rhbz2116841 0.11.3-3 - Fixed booth ticket mode value case insensitive - Fixed booth sync check whether...
AlmaLinux 9 : pcs (ALSA-2022:7935)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7935 advisory. - A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using P...
Rocky Linux 8 : pcs (RLSA-2022:7447)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7447 advisory. - A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using...
pcs: improper authentication via PAM
A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon allowed expired accounts and accounts with expired passwords to log in when using PAM authentication. Unprivileged, expired accounts with previously denied access could still log in...
AlmaLinux 8 : pcs (ALSA-2022:7447)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7447 advisory. - A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using P...