MiracleLinux 8 : 389-ds:1.4 (AXSA:2022-3797:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3797:01 advisory. 389-ds-base: sending crafted message could result in DoS CVE-2022-0918 389-ds-base: expired password was still allowed to access the database...

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (December 2025)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling...

CVE-2025-33012

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date...

CVE-2025-33012

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date...

EUVD-2007-2456

Malware in sbrugna...

EUVD-2022-1342

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-22221

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versio...

CVE-2022-24732

Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing...

Ensure That the Password Validity Is Set Correctly

If a password is not changed for a long time, the password is vulnerable to brute force cracking, which compromises system security. If the password validity period is set too short, the password needs to be changed frequently, increasing management costs. In addition, users may fail to log in...

PgBouncer default auth_query does not take Postgres password expiry into account

...

BIT-PGBOUNCER-2025-2291 PgBouncer default auth_query does not take Postgres password expiry into account

Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...

CVE-2025-2291

Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...

CVE-2025-2291

Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...

CVE-2025-2291

Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...

CVE-2025-2291 PgBouncer default auth_query does not take Postgres password expiry into account

Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...

CVE-2025-2291 PgBouncer default auth_query does not take Postgres password expiry into account

Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...

CVE-2025-2291

CVE-2025-2291 affects PgBouncer; the flaw arises because auth_query does not respect the PostgreSQL VALID UNTIL expiry, allowing login with an already expired password. The issue impacts versions older than the fixed release (upstream 1.24.1 line; many advisories reference versions < 1.24.1-1 or

Why 'Never Expire' Passwords Can Be a Risky Decision

Password resets can be frustrating for end users. Nobody likes being interrupted by the 'time to change your password' notification – and they like it even less when the new passwords they create are rejected by their organization's password policy. IT teams share the pain, with resetting passwor...

SUSE-RU-2023:4991-1 Recommended update for mariadb104

This update for mariadb104 fixes the following issues: - Implement version 10.4 of MariaDB jscPED-2455: It is possible to use more than one authentication plugin for each user account. The root user account is being created with the ability to use two authentication plugins. All user accounts,...

SUSE CVE-2022-1049

A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login...