The WPGraphQL WordPress plugin before 0.3.5 doesn’t properly restrict access to information about other users’ roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site.
Category Archives: Advisories
CVE-2021-20479
IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498.
vim-8.2.4927-1.fc36
FEDORA-2022-e92c3ce170
Packages in this update:
vim-8.2.4927-1.fc36
Update description:
patchlevel 4927
Security fixes for CVE-2022-1616 and CVE-2022-1619
rsyslog-8.2204.0-1.fc37
FEDORA-2022-f2c4c83cc1
Packages in this update:
rsyslog-8.2204.0-1.fc37
Update description:
Automatic update for rsyslog-8.2204.0-1.fc37.
Changelog
* Mon May 9 2022 Attila Lakatos <alakatos@redhat.com> - 8.2204.0-1
- rebase to 8.2204.0
resolves: rhbz#1951970
- CVE-2022-24903 rsyslog: Heap-based overflow in TCP syslog server
resolves: rhbz#2082302
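The rsyslog advisory above concerns the TCP syslog receivers, which accept RFC 6587 octet-counted framing ("MSG-LEN SP SYSLOG-MSG"). The defensive pattern for that framing is to bound the attacker-supplied length before it is ever used for a copy. The following is an added example written for this page; it is not rsyslog's code and does not reproduce the specific rsyslog bug (see the GHSA advisory for that). The receive-buffer size MAX_MSG_LEN, the digit cap MAX_LEN_DIGITS, and the function names are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed receive-buffer size for this example (not rsyslog's value). */
#define MAX_MSG_LEN 8192
/* Enough decimal digits to express MAX_MSG_LEN; caps the length accumulator. */
#define MAX_LEN_DIGITS 5

enum frame_status { FRAME_OK = 0, FRAME_NEED_MORE = 1, FRAME_BAD = -1 };

/* Parse one octet-counted frame from buf[0..n).
 * On FRAME_OK, *msg/*msg_len point at the message inside buf and
 * *consumed is the total frame size (digits + space + message). */
enum frame_status parse_octet_counted(const char *buf, size_t n,
                                      const char **msg, size_t *msg_len,
                                      size_t *consumed)
{
    size_t i = 0, len = 0, digits = 0;

    if (n == 0)
        return FRAME_NEED_MORE;
    if (!isdigit((unsigned char)buf[0]))
        return FRAME_BAD;                 /* not octet-counted framing */

    /* Check 1: bound the digit count so the length cannot grow past
     * what the buffer can hold (and cannot wrap the accumulator). */
    while (i < n && isdigit((unsigned char)buf[i])) {
        if (++digits > MAX_LEN_DIGITS)
            return FRAME_BAD;
        len = len * 10 + (size_t)(buf[i] - '0');
        i++;
    }
    if (i == n)
        return FRAME_NEED_MORE;           /* digits so far, separator not yet seen */
    if (buf[i] != ' ')
        return FRAME_BAD;
    i++;

    /* Check 2: refuse a declared length larger than the receive buffer. */
    if (len == 0 || len > MAX_MSG_LEN)
        return FRAME_BAD;

    /* Check 3: only hand out the message once all declared bytes arrived. */
    if (n - i < len)
        return FRAME_NEED_MORE;

    *msg = buf + i;
    *msg_len = len;
    *consumed = i + len;
    return FRAME_OK;
}

/* Copy a parsed message into a fixed-size buffer. Safe only because
 * parse_octet_counted() already guaranteed msg_len <= MAX_MSG_LEN. */
static void deliver(char dst[MAX_MSG_LEN + 1], const char *msg, size_t msg_len)
{
    memcpy(dst, msg, msg_len);
    dst[msg_len] = '\0';
}

/* Convenience wrapper: parse status of a NUL-terminated input. */
int parse_status(const char *s)
{
    const char *msg; size_t msg_len, used;
    return (int)parse_octet_counted(s, strlen(s), &msg, &msg_len, &used);
}

/* Count complete frames in a concatenated stream, stopping at the first
 * incomplete or malformed frame. */
size_t frame_count(const char *stream)
{
    size_t n = strlen(stream), off = 0, count = 0;
    const char *msg; size_t msg_len, used;
    char out[MAX_MSG_LEN + 1];

    while (off < n) {
        if (parse_octet_counted(stream + off, n - off, &msg, &msg_len, &used) != FRAME_OK)
            break;
        deliver(out, msg, msg_len);
        off += used;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample inputs: two good frames, then an oversized count. */
    printf("frames=%zu\n", frame_count("5 hello6 world!"));      /* 2 */
    printf("oversized=%d\n", parse_status("99999999 x"));        /* FRAME_BAD */
    return 0;
}
```

The three checks are the point: cap the number of length digits, compare the declared length against the real buffer size, and wait for the full message before copying. A parser that trusts the peer's MSG-LEN for even one of those steps turns a plain TCP client into a heap-corruption primitive.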
rsyslog-8.2204.0-1.fc36
FEDORA-2022-7988dad217
Packages in this update:
rsyslog-8.2204.0-1.fc36
Update description:
Rebase to 8.2204.0
Add patch to resolve potential heap buffer overflow, details: https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
rsyslog-8.2204.0-1.fc35
FEDORA-2022-f796a28a7b
Packages in this update:
rsyslog-8.2204.0-1.fc35
Update description:
Rebase to 8.2204.0-1
Add patch resolving a potential heap buffer overflow, details: https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
USN-5244-2: DBus vulnerability
USN-5244-1 fixed a vulnerability in DBus. This update provides
the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
Daniel Onaca discovered that DBus contained a use-after-free vulnerability,
caused by the incorrect handling of usernames sharing the same UID. An
attacker could possibly use this issue to cause DBus to crash, resulting
in a denial of service.
ZDI-22-725: Adobe Photoshop Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-724: Cisco RV340 JSON RPC set-snmp Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-22-723: Cisco RV340 JSON RPC set-snmp Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.