Category Archives: Advisories

CVE-2019-25060

Read Time:13 Second

The WPGraphQL WordPress plugin before 0.3.5 doesn’t properly restrict access to information about other users’ roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site.

Read More

CVE-2021-20479

Read Time:11 Second

IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498.

Read More

rsyslog-8.2204.0-1.fc37

Read Time:19 Second

FEDORA-2022-f2c4c83cc1

Packages in this update:

rsyslog-8.2204.0-1.fc37

Update description:

Automatic update for rsyslog-8.2204.0-1.fc37.

Changelog

* Mon May 9 2022 Attila Lakatos <alakatos@redhat.com> – 8.2204.0-1
– rebase to 8.2204.0
resolves: rhbz#1951970
– CVE-2022-24903 rsyslog: Heap-based overflow in TCP syslog server
resolves: rhbz#2082302

Read More

USN-5244-2: DBus vulnerability

Read Time:20 Second

USN-5244-1 fixed a vulnerability in DBus. This update provides
the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Original advisory details:

Daniel Onaca discovered that DBus contained a use-after-free vulnerability,
caused by the incorrect handling of usernames sharing the same UID. An
attacker could possibly use this issue to cause DBus to crash, resulting
in a denial of service.

Read More