Drupal has released a security update to address a critical vulnerability in a third-party library with documented or deployed exploits available in the wild."The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal," the Drupal security team said.Drupal is used by roughly 2.4% of all sites with content m

Security updates released this week by the developers of the Drupal content management system (CMS) patch a vulnerability identified in a third-party library.Core patches were made available for Drupal 9.1, 9.0, 8.9, and 7, to resolve a security flaw affecting PEAR Archive_Tar, and which also impacts Drupal. The third-party library has been designed to suppo

Yesterday, seven Dnsmasq vulnerabilities were disclosed, collectively known as DNSPooq, that attackers can use to launch DNS Cache Poisoning, denial of service, and possibly remote code execution attacks, on affected devices.Dnsmasq is a widely used open-source Domain Name System (DNS) forwarding application commonly installed on routers, oper

Google has released Chrome 88 to the stable channel with several security improvements inside, including patches for 36 vulnerabilities, one of which is rated critical severity, and dropped support for Adobe Flash.The removal of Flash support isn’t surprising, considering that the software reached end-of-life on December 31, 2020, and Adobe started blocking

This is the story of a vulnerability that was brought about by the incorrect use of an encryption technique. After it was discovered by researchers, the vulnerability was patched and that should have been the end of the story. Unfortunately the patch caused problems of its own, which made it very unpopular. Cybercriminals seized the opportunity to use the vu

Microsoft this week published a reminder for organizations that a February 9 security update will kick off the second phase of patching for the Zerologon vulnerability.Tracked as CVE-2020-1472 and addressed on August 2020 Patch Tuesday, the critical vulnerability was identified in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC) and can be abused to

An undisclosed Cross-Site Scripting (XSS) vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA.Although 90 days have elapsed since the vulnerability was reported and patched, BleepingComputer is not aware of a formal disclosure made by the project.Apache Velocity i

A security researcher discovered a flaw in the F5 BIG-IP product that can be exploited to conduct denial-of-service (DoS) attacks. The security expert Nikita Abramov from Positive Technologies discovered a DoS vulnerability, tracked as CVE-2020-27716, that affects certain versions of F5 BIG-IP Access Policy Manager (APM). The F5 BIG-IP Access Policy Ma

A vulnerability discovered by a researcher in a BIG-IP product from F5 Networks can be exploited to launch remote denial-of-service (DoS) attacks.The security flaw was discovered by Nikita Abramov, a researcher at cybersecurity solutions provider Positive Technologies, and it impacts certain versions of BIG-IP Access Policy Manager (APM), a secure access sol

Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.Today, vulnerability management teams have so much data on hand that processing and analyzing it takes as much time as remediation efforts. This occurs in great part because each of the many tools used for remediating vulnerabilities provides

Every second Tuesday of the month it’s ‘Patch Tuesday’. On Patch Tuesday Microsoft habitually issues a lot of patches for bugs and vulnerabilities in its software. It’s always important to patch, but the update that was released on January 12 is one to pay attention to. That’s because it contains a patch for a vulnerability i

Online surveys and form building software as a service Typeform has patched an information hijacking vulnerability.The flaw which existed in Typeform's Zendesk Sell app integration could let attackers quietly redirect form submissions with potentially sensitive data to themselves.Typeform form IDs indexed by search eng

# Trovent Security Advisory 2010-01 ######################################Email address enumeration in reset password###########################################Overview########Advisory ID: TRSA-2010-01Advisory version: 1.0Advisory status: PublicAdvisory URL: https://trovent.io/security-advisory-2010-01Affected product: Web application Rocket.ChatAffected ver

A free micropatch fixing a local privilege escalation (LPE) vulnerability in Microsoft's Windows PsExec management tool is now available through the 0patch platform.PsExec is a fully interactive telnet-replacement that allows system admins to execute programs on remote systems. PsExec tool is also integrated into and used by enterprise tools to remotely laun

-----------------------------------------------------------------------------IPS Community Suite <= 4.5.4 (Downloads REST API) SQL Injection Vulnerability-----------------------------------------------------------------------------[-] Software Link:https://invisioncommunity.com[-] Affected Versions:Version 4.5.4 and prior versions.[-] Vulnerability Descri