βΌ CVE-2021-41277 βΌ
π Read
via "National Vulnerability Database".
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If youΓΒ’Γ’β¬ÒβΒ’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33091 βΌ
π Read
via "National Vulnerability Database".
Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit audio driver pack before version 1.3 may allow an authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0096 βΌ
π Read
via "National Vulnerability Database".
Improper authentication in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0198 βΌ
π Read
via "National Vulnerability Database".
Improper access control in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to potentially enable a denial of service via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0120 βΌ
π Read
via "National Vulnerability Database".
Improper initialization in the installer for some Intel(R) Graphics DCH Drivers for Windows 10 before version 27.20.100.9316 may allow an authenticated user to potentially enable denial of service via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43551 βΌ
π Read
via "National Vulnerability Database".
A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victimΓ’β¬β’s user permissions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0082 βΌ
π Read
via "National Vulnerability Database".
Uncontrolled search path in software installer for Intel(R) PROSet/Wireless WiFi in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8741 βΌ
π Read
via "National Vulnerability Database".
Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0180 βΌ
π Read
via "National Vulnerability Database".
Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable privilege escalation via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41164 βΌ
π Read
via "National Vulnerability Database".
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0121 βΌ
π Read
via "National Vulnerability Database".
Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0069 βΌ
π Read
via "National Vulnerability Database".
Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33086 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33059 βΌ
π Read
via "National Vulnerability Database".
Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows before version 1.4.0.15, may allow a privileged user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
β Fake Ransomware Infection Hits WordPress Sites β
π Read
via "Threat Post".
WordPress sites have been splashed with ransomware warnings that are as real as dime-store cobwebs made out of spun polyester.π Read
via "Threat Post".
Threat Post
Fake Ransomware Infection Hits WordPress Sites
WordPress sites have been splashed with ransomware gore thatβs as real as dime-store cobwebs made out of spun polyester.
β Netflix Bait: Phishers Target Streamers with Fake Service Signups β
π Read
via "Threat Post".
Lures dressed up to look like movie and TV streaming offers are swiping payment data.π Read
via "Threat Post".
Threat Post
Netflix Bait: Phishers Target Streamers with Fake Service Signups
Lures dressed up to look like movie and TV streaming offers are swiping payment data.
π΄ Can I Have XDR Without EDR? π΄
π Read
via "Dark Reading".
Yes, extended detection and response is possible without endpoint detection and response, but here's why having both is helpful.π Read
via "Dark Reading".
Dark Reading
Can I Have XDR Without EDR?
Yes, extended detection and response is possible without endpoint detection and response, but here's why having both is helpful.
βΌ CVE-2021-43997 βΌ
π Read
via "National Vulnerability Database".
Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU platforms does not prevent non-kernel code from calling the xPortRaisePrivilege and vPortResetPrivilege internal functions. This is fixed in 10.4.6 and in 10.4.3-LTS Patch 2.π Read
via "National Vulnerability Database".
π΄ CISA Releases Incident and Vulnerability Response Playbooks to Strengthen Cybersecurity for Federal Civilian Agencies π΄
π Read
via "Dark Reading".
Effort part of President Bidenβs executive order to improve the nationβs sybersecurity.π Read
via "Dark Reading".
Dark Reading
CISA Releases Incident and Vulnerability Response Playbooks to Strengthen Cybersecurity for Federal Civilian Agencies
Effort part of President Bidenβs executive order to improve the nationβs sybersecurity.
π΄ Sift Acquires Passwordless Authentication Pioneer Keyless to Provide Secure, Frictionless Authentication π΄
π Read
via "Dark Reading".
Biometric authentication innovator eliminates password-based account takeover and enables PSD2 Strong Customer Authentication while preserving user privacy.π Read
via "Dark Reading".
Dark Reading
Sift Acquires Passwordless Authentication Pioneer Keyless to Provide Secure, Frictionless Authentication
Biometric authentication innovator eliminates password-based account takeover and enables PSD2 Strong Customer Authentication while preserving user privacy.
π΄ Palo Alto Networks Delivers What's Next in Security at Ignite '21 π΄
π Read
via "Dark Reading".
Cybersecurity company introduces solutions aimed at network security, cloud security and security operations.π Read
via "Dark Reading".
Dark Reading
Palo Alto Networks Delivers What's Next in Security at Ignite '21
Cybersecurity company introduces solutions aimed at network security, cloud security and security operations.