12 matches found
EUVD-2020-1427
Malware in sbrugna...
EUVD-2024-41745
Malicious code in bioql PyPI...
CVE-2024-45647
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow an unverified user to change the password of an expired user without prior knowledge of that password...
CVE-2024-45647
IBM Security Verify Access (versions 10.0.0–10.0.8) and IBM Security Verify Access Docker (10.0.0–10.0.8) are affected by CVE-2024-45647, which allows an unauthenticated or unverified user to change the password of an expired user without the password. The underlying issue is CWE-620 (Unverified ...
CVE-2024-45647 IBM Security Verify Access unverified password change
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow an unverified user to change the password of an expired user without prior knowledge of that password...
Token Validation Bypass
spree_api is vulnerable to token validation bypass. Failure to check for the expiry of the doorkeeper_token allows an attacker to access Storefront API v2 endpoints using expired user tokens...
CVE-2020-15269
In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory...
GHSA-F8CM-364F-Q9QH Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls
Impact: The perpetrator who previously obtained an old expired user token could use it to access Storefront API v2 endpoints. Patches: Please upgrade to 3.7.11, 4.0.4, or 4.1.11 depending on your used Spree version. Workarounds: In your project directory create a decorator file...
CVE-2018-20238
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability...
CVE-2018-20238
CVE-2018-20238 affects Atlassian Crowd: remote attackers can authenticate using an expired user session due to insufficient session expiration. Affected versions are Crowd prior to 3.2.7 and 3.3.0 up to 3.3.4. This is described as an authentication issue in various REST resources, enabling sessio...
Expired user in Active Directory does not stop user from cloning via SSH
A user who is bound to an SSH key can still clone while their account has expired in Active Directory. However, this user will not be able to log in to Stash. Another scenario on the same concept works where the user bound to the SSH key is disabled in AD and that user will not be able to clone or...
Security Advisory: Cisco Secure Access Control Server Novell Directory Service Expired/Disabled User Authentication Vulnerability
Cisco Security Advisory: Cisco Secure Access Control Server Novell Directory Service Expired/Disabled User Authentication Vulnerability. Revision 1.0. For Public Release 2002 February 07...