91 matches found
MiracleLinux 9 : firefox-102.7.0-1.el9.ML.1 (AXSA:2023-5064:08)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5064:08 advisory. Mozilla: libusrsctp library out of date (CVE-2022-46871); Mozilla: Arbitrary file read from GTK drag and drop on Linux (CVE-2023-23598); Mozilla: Memory...
EUVD-2026-1027
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full...
CVE-2022-1027
The Page Restriction WordPress WP WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject JavaScript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users...
CVE-2021-1027
In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2020-1027
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003...
CVE-2013-1027
Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package...
RHSA-2024:1027
creationtimestamp | type | source
---|---|---
2024-02-28 20:16:55+00:00 | seen | https://t.me/ctinow/195823...
CVE-2024-1027
CVE-2024-1027 is a vulnerability in the Post Handler of SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function in Post Handler, with an unrestricted file upload vulnerability that can be exploited remotely. Multiple connected sources corroborate the issue, describing a critic...
CVE-2024-1027 SourceCodester Facebook News Feed Like Post unrestricted upload
A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function of the component Post Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The identifier of this...
Ubuntu: Security Advisory (USN-6192-1)
The remote host is missing an update for the...
Updated unarj packages fix security vulnerability
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames (CVE-2004-0947). Directory traversal vulnerability in the -x extract command line option in unarj allows remote attackers to overwrite arbitrary files via an ar...
CVE-2023-1027
creationtimestamp | type | source
---|---|---
2023-02-28 16:29:22+00:00 | seen | https://t.me/cibsecurity/59095...
CVE-2023-1027
The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post...
CVE-2023-1027
The CVE-2023-1027 issue affects the WP Meta SEO WordPress plugin up to version 4.5.3. Root cause: missing capability check in checkAllCategoryInSitemap, relying on nonce-based access control. Impact: authenticated users with subscriber-level access can generate sitemap data and obtain post catego...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-1027)
The remote host is missing an update for the Huawei EulerOS...
CVE-2022-1027 Page Restriction WordPress < 1.2.7 - Admin+ Stored Cross-Site Scripting
The Page Restriction WordPress WP WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject JavaScript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users...
CVE-2022-1027
The CVE concerns the WordPress Page Restriction plugin (before 1.2.7). The vulnerability allows an administrator with settings-page access to inject JavaScript into the plugin’s settings, causing stored XSS that affects administrator users. Root cause: improper handling of input in the settings p...