web analytics

Drupal core – Moderately critical – Multiple vulnerabilities – SA-CORE-2022-015

Project: Drupal coreDate: 2022-July-20Security risk: Moderately critical 11∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Multiple vulnerabilitiesDescription: The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.This advisory is not covered by

More info:

https://www.drupal.org/sa-core-2022-015Leer másÚltimas Vulnerabilidades

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Joas Antonio
Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio
Guide for Multi-Cloud Read Team...
CISO2CISO Notepad Series
The sqreen DevSecOps Security Checklist
The sqreen DevSecOps Security Checklist
HADESS
DevSecOps Guides – Comprehensive resource for integrating security into the software development by HADESS
DevSecOps Guides – Comprehensive resource...
Splunk
81 Siem Very important Use Cases for your SOC by SPLUNK
81 Siem Very important Use...
NCSC
NCSC Cyber Security for Small Business “SMEs” Guide.
NCSC Cyber Security for Small...
RedHat
State of Kubernetes Security Report 2022 by RedHat
State of Kubernetes Security Report...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...
Forrester - Allie Mellen
Adapt Or Die: XDR Is On A Collision Course With SIEM And SOAR – EDR Is Dead, Long Live XDR by Allie Mellen – Forrester
Adapt Or Die: XDR Is...
CYBER LEADERSHIP INTITUTE
CISO PLAYBOOK: FIRST 100 DAYS Setting the CISO up for success
CISO PLAYBOOK: FIRST 100 DAYS...

LASTEST PUBLISHED POSTS

Marcos Jaimovich
FIRST.Org CVSS V4.0 Releasead – Navigation the Evolution – Dive into CVSS 4.0 Unveiled by Marcos Jaimovich
FIRST.Org CVSS V4.0 Releasead –...
ministry of security
ZERO TRUST
ZERO TRUST
WIRESHARK FOR SECURITY PROFESSIONALS
WIRESHARK FOR SECURITY PROFESSIONALS
Common Windows, Linux and Web Server Systems Hacking Techniques
Common Windows, Linux and Web...
Windows
Windows – Privilege Escalation
Windows – Privilege Escalation
TRAFICOM
What to do in case of a ransomware incident – instructions for management
What to do in case...
OWASP
WEB APPLICATION PENTESTING CHECKLIST
WEB APPLICATION PENTESTING CHECKLIST
ACSC
Guidelines for secure AI system development
Guidelines for secure AI system...
TLP.CLEAR
PHISHING GUIDANCE: STOPPING THE ATTACK CYCLE AT PHASE ONE
PHISHING GUIDANCE: STOPPING THE ATTACK...
Computer & Communications Industry Association
State Landscape Privacy
State Landscape Privacy
Sage
Vendor Assessment Checklist
Vendor Assessment Checklist
Kaspersky
Updated MATA attacks industrial companies in Eastern Europe
Updated MATA attacks industrial companies...

More Latest Published Posts

Semperis
TOP 5 SCARIEST Identity Security Threats
TOP 5 SCARIEST Identity Security Threats
ENISA
ENISA THREAT LANDSCAPE 2023
ENISA THREAT LANDSCAPE 2023
Auditboard
Threat intelligence: Eyes on the enemy
Threat intelligence: Eyes on the enemy
ThreatRadar
Threat Intel Roundup: VMWare Aria, qBit, VBS, Redline
Threat Intel Roundup: VMWare Aria, qBit, VBS, Redline
ThreatRadar
Threat Intel Roundup: VCenter, fsutil, AsyncRAT, Linkedin
Threat Intel Roundup: VCenter, fsutil, AsyncRAT, Linkedin
Cybersecurity & Infrastructure Security Agency
CISA Playbooks Incident and Vulnerability Response
CISA Playbooks Incident and Vulnerability Response
Cybersecurity & Infrastructure Security Agency
CISA CYBERSECURITY STRATEGIC PLAN FY2024–2026
CISA CYBERSECURITY STRATEGIC PLAN FY2024–2026
CheckPoint
CHECKPOINT CYBER SECURITY REPORT 2023
CHECKPOINT CYBER SECURITY REPORT 2023
CYTAD
Checklist de Cibersegurad para PME
Checklist de Cibersegurad para PME
CCN Español
CCN CERT IA 35 23 Ciberamenazas y Tendencias
CCN CERT IA 35 23 Ciberamenazas y Tendencias
LOGPOINT
Cactus Ransomware
Cactus Ransomware
Australian Government
Business Continuity in a Box
Business Continuity in a Box
IGNITE Technologies
Burpsuite for Pentester Course
Burpsuite for Pentester Course
Thecyphere
Building Secure AWS Environments
Building Secure AWS Environments
Hades
Browser Attack Surface
Browser Attack Surface
Claro Empresas
Boletin de Ciberseguridad CSOC Claro Empresas
Boletin de Ciberseguridad CSOC Claro Empresas
TrustedSec
BloodHood Unleashed
BloodHood Unleashed
BELGIUM INTERNATIONAL CHAMBER OF COMMERCE
Belgian Cyber Security Guide
Belgian Cyber Security Guide
Securedebug
Azure DevOps Security CheckList
Azure DevOps Security CheckList
aws
AWS Best Practices for DDoS Resiliency
AWS Best Practices for DDoS Resiliency
osint - Open Source Intelligence
Awesome OSINT Open Source Intelligence
Awesome OSINT Open Source Intelligence
Awesome Cobalt BoF
Awesome Cobalt BoF
Auditboard
Audit Management Playbook
Audit Management Playbook
DevSecOps Guide
Attacking Against DevOps Environment
Attacking Against DevOps Environment
Eslam Hassan
Attacking Active Directory Initial Attack Vectors
Attacking Active Directory Initial Attack Vectors
ThreatRadar
Threat Intel Roundup: Splunk, D0nut, DarkGate, SentinelAgent
Threat Intel Roundup: Splunk, D0nut, DarkGate, SentinelAgent
ministry of security
Threat Hunting vs Threat Assesssment
Threat Hunting vs Threat Assesssment
Cyborg Security
THREAT HUNTING FRAMEWORK
THREAT HUNTING FRAMEWORK