#auth

Dell has notified some customers about a data breach reported to include 49 million records.

By Waqas Dell has announced a data breach, while a hacker using the alias Menelik is selling 49 million Dell customer data on the notorious Breach Forums. This is a post from HackRead.com Read the original post: Dell Discloses Data Breach As Hacker Sells 49 Million Customer Data

Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog.

Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive reverse shell connections.

RIOT versions 2024.01 and below suffers from multiple buffer overflows, ineffective size checks, and out-of-bounds memory access vulnerabilities.

Panel Amadey.d.c malware suffers from cross site scripting vulnerabilities.

Clinic Queuing System version 1.0 suffers from a remote code execution vulnerability.

Debian Linux Security Advisory 5685-1 - Several security vulnerabilities have been discovered in Wordpress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized actor in WordPress or allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack.

**Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerability is not exploitable without first getting around your authentication method. For many obvious reasons in addition to this one, please don't expose your Frigate instance publicly without any kind of authentication.** ## Summary When uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no limitation set on the length of the filename and the costy use of the Unicode normalization with the form NFKD under the hood of `secure_filename()`. I idenfied multiple vulnerable paths on [blakeblackshear/frigate](https://www.github.com/blakeblackshear/frigate/) repository. In all of th...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Historian SE Vulnerabilities: Missing Release of Resource after Effective Lifetime, Improper Check or Handling of Exceptional Conditions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation FactoryTalk Historian SE, a data management application, are affected: FactoryTalk Historian SE: Versions v9.0 and prior 3.2 Vulnerability Overview 3.2.1 MISSING RELEASE OF RESOURCE AFTER EFFECTIVE LIFETIME CWE-772 FactoryTalk Historian SE utilizes the AVEVA PI Server, which contains a vulnerability that could allow an unauthenticated user to cause a partial denial-of-service condition in the PI Message Subsystem of a PI Server by consuming available memory. This vulnerability exists in Fa...