‼ CVE-2021-33089 ‼
📖 Read
via "National Vulnerability Database".
Improper access control in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41190 ‼
📖 Read
via "National Vulnerability Database".
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifestsâ€? and “layersâ€? fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifestsâ€? and “layersâ€? fields or “manifestsâ€? and “configâ€? fields if they are unable to update to version 1.0.1 of the spec.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41277 ‼
📖 Read
via "National Vulnerability Database".
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33091 ‼
📖 Read
via "National Vulnerability Database".
Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit audio driver pack before version 1.3 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0096 ‼
📖 Read
via "National Vulnerability Database".
Improper authentication in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0198 ‼
📖 Read
via "National Vulnerability Database".
Improper access control in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to potentially enable a denial of service via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0120 ‼
📖 Read
via "National Vulnerability Database".
Improper initialization in the installer for some Intel(R) Graphics DCH Drivers for Windows 10 before version 27.20.100.9316 may allow an authenticated user to potentially enable denial of service via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43551 ‼
📖 Read
via "National Vulnerability Database".
A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim’s user permissions.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0082 ‼
📖 Read
via "National Vulnerability Database".
Uncontrolled search path in software installer for Intel(R) PROSet/Wireless WiFi in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8741 ‼
📖 Read
via "National Vulnerability Database".
Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0180 ‼
📖 Read
via "National Vulnerability Database".
Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable privilege escalation via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41164 ‼
📖 Read
via "National Vulnerability Database".
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0121 ‼
📖 Read
via "National Vulnerability Database".
Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0069 ‼
📖 Read
via "National Vulnerability Database".
Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33086 ‼
📖 Read
via "National Vulnerability Database".
Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33059 ‼
📖 Read
via "National Vulnerability Database".
Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows before version 1.4.0.15, may allow a privileged user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
❌ Fake Ransomware Infection Hits WordPress Sites ❌
📖 Read
via "Threat Post".
WordPress sites have been splashed with ransomware warnings that are as real as dime-store cobwebs made out of spun polyester.📖 Read
via "Threat Post".
Threat Post
Fake Ransomware Infection Hits WordPress Sites
WordPress sites have been splashed with ransomware gore that’s as real as dime-store cobwebs made out of spun polyester.
❌ Netflix Bait: Phishers Target Streamers with Fake Service Signups ❌
📖 Read
via "Threat Post".
Lures dressed up to look like movie and TV streaming offers are swiping payment data.📖 Read
via "Threat Post".
Threat Post
Netflix Bait: Phishers Target Streamers with Fake Service Signups
Lures dressed up to look like movie and TV streaming offers are swiping payment data.
🕴 Can I Have XDR Without EDR? 🕴
📖 Read
via "Dark Reading".
Yes, extended detection and response is possible without endpoint detection and response, but here's why having both is helpful.📖 Read
via "Dark Reading".
Dark Reading
Can I Have XDR Without EDR?
Yes, extended detection and response is possible without endpoint detection and response, but here's why having both is helpful.
‼ CVE-2021-43997 ‼
📖 Read
via "National Vulnerability Database".
Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU platforms does not prevent non-kernel code from calling the xPortRaisePrivilege and vPortResetPrivilege internal functions. This is fixed in 10.4.6 and in 10.4.3-LTS Patch 2.📖 Read
via "National Vulnerability Database".
🕴 CISA Releases Incident and Vulnerability Response Playbooks to Strengthen Cybersecurity for Federal Civilian Agencies 🕴
📖 Read
via "Dark Reading".
Effort part of President Biden’s executive order to improve the nation’s sybersecurity.📖 Read
via "Dark Reading".
Dark Reading
CISA Releases Incident and Vulnerability Response Playbooks to Strengthen Cybersecurity for Federal Civilian Agencies
Effort part of President Biden’s executive order to improve the nation’s sybersecurity.