Drupal Patches Information Disclosure Vulnerabilities: a Comprehensive Overview

The Drupal project recently patched several information disclosure vulnerabilities that could affect websites using certain versions of the open-source CMS. It is important for organizations to understand these security issues and to make sure their websites are properly updated to prevent cyber attacks targeting confidential information.

Drupal is an open-source content management system (CMS) used by millions of websites around the globe. Recently, several vulnerabilities were identified in Drupal 8.3.x and 8.4.x that could have allowed attackers to access sensitive information. These vulnerabilities have been fixed with the release of Drupal 8.3.3 and 8.4.3. The information disclosure issues could have exposed email addresses, IP addresses, and other confidential data. The vulnerabilities only affected websites running a specific version of Drupal and cannot be exploited on sites running an updated version of the CMS.

Organizations should take data protection seriously and ensure their websites are updated to the latest version of Drupal. Other security measures should also be taken to protect confidential data from malicious actors. These measures could include regular risk assessments, information integrity tests, patch management procedures, security threat detection and response, as well as network security and malware protection.

Overall, the Drupal project has taken the necessary measures to protect its users from the information disclosure vulnerabilities. Organizations should make sure their websites are properly updated to prevent cyber attacks targeting sensitive information. Additionally, proper security measures should be taken at all levels to ensure the confidentiality of their data and prevent data breaches.

This Cyber News was published on www.securityweek.com. Publication date: Tue, 24 Jan 2023 03:31:02 +0000

