87 matches found
MiracleLinux 4 : samba-3.6.23-43.AXS4 (AXSA:2017-1658:03)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1658:03 advisory. Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information such as lists of available files and...
CVE-2024-1658
The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-1658
Vulnerable versions of the Jupiter Theme <= 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...
CVE-2025-1658
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
CVE-2025-1658 DWFX File Parsing Out-of-Bounds Read Vulnerability
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
RHEL 9 : kernel (RHSA-2025:1658)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1658 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Integer Overflow in...
IoT Devices in Password-Spraying Botnet
Microsoft is warning Azure cloud users that a Chinese-controlled botnet is engaging in "highly evasive" password spraying. Not sure about the "highly evasive" part; the techniques seem basically what you get in a distributed password-guessing attack: "Any threat actor using the CovertNetwork-1658...
Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft
Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials...
RHEL 4 : glibc (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - glibc: posix_spawn_file_actions_addopen fails to copy the path argument (CVE-2014-4043) - glibc: heap/stack gap...
CVE-2024-1658
creationtimestamp | type | source
---|---|---
2024-03-18 17:26:54+00:00 | seen | https://t.me/ctinow/210757
2024-03-18 17:31:59+00:00 | seen | https://t.me/ctinow/210771
2025-03-27 21:27:42+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9217...
CVE-2024-1658 Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-1658
CVE-2024-1658 affects the Grid Shortcodes WordPress plugin prior to 1.1.1. The root cause is that the plugin does not validate and escape certain shortcode attributes before outputting them in a page/post, enabling a Stored XSS when the shortcode is embedded. Impact: users with the contributor ro...
Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2023-1658)
The remote host is missing an update for the Huawei EulerOS...
Amazon Linux 2 : hivex (ALAS-2021-1658)
The version of hivex installed on the remote host is prior to 1.3.10-6.11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1658 advisory. A flaw was found in the hivex library. It is caused due to a lack of bounds check within the hivex_open function. An attacker coul...
CVE-2022-1658 Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion
Vulnerable versions of the Jupiter Theme <= 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...
CVE-2022-1658
Vulnerability exists in WordPress Jupiter premium/theme (Jupiter Theme) versions up to 6.10.1, where an authenticated user can delete plugins via the abb_remove_plugin AJAX action (no capability/nonce checks). Affected sites using Jupiter Theme
CVE-2022-1658
creationtimestamp | type | source
---|---|---
2022-05-19 15:47:01+00:00 | seen | https://t.me/truesecator/2959
2022-06-13 18:17:54+00:00 | seen | https://t.me/cibsecurity/44293...
Security Bulletin: Resilient is affected by a potential leak of internal information due to exposed generated source files (CVE-2017-1658)
Summary Security Bulletin: Resilient is affected by a potential leak of internal information due to exposed generated source files CVE-2017-1658 Vulnerability Details Summary Resilient has addressed the following vulnerability by removing external access to generated source files. Vulnerability...