Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several third-party components (OpenSSL and jQuery UI) were found to contain vulnerabilities, and updated versions have been made available by the providers.
Out of caution and in line with best practice, Tenable opted to upgrade the bundled components to address the potential impact of these issues. Nessus Network Monitor 6.0.1 updates OpenSSL to version 1.1.1n and jQueryUI to 1.13.0 to address the identified vulnerabilities.
The WPGraphQL WordPress plugin before 0.3.5 doesn’t properly restrict access to information about other users’ roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site.
IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498.
* Mon May 9 2022 Attila Lakatos <alakatos@redhat.com> – 8.2204.0-1
– rebase to 8.2204.0
resolves: rhbz#1951970
– CVE-2022-24903 rsyslog: Heap-based overflow in TCP syslog server
resolves: rhbz#2082302
