27 matches found
CVE-2026-46128
A flaw was found in the Linux kernel's Intelligent Platform Management Interface IPMI subsystem. This vulnerability occurs when the kernel processes event message buffer responses from Baseboard Management Controllers BMCs. Some BMCs may return an empty message instead of an expected error, which...
EUVD-2021-2462
Malware in sbrugna...
EUVD-2022-29889
Malicious code in bioql PyPI...
CVE-2022-25146
The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message...
Explorer for Microsoft Teams: "System event messages are unsupported."
Challenge When exploring Teams channel messages, some messages are listed with an empty Author and Subject value. Attempting to preview one of these messages causes the following warning to be displayed: System event messages are unsupported. Cause This warning occurs because system messages cann...
CVE-2020-35216
An issue in Atomix v3.1.5 allows attackers to cause a denial of service DoS via false member down event messages...
BIT-LIFERAY-2022-25146
The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message...
Liferay Portal and Liferay DXP fails to check origin of event messages
The Remote App module before 2.0.21 from Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message...
GHSA-GHW5-998M-VW4W Liferay Portal and Liferay DXP fails to check origin of event messages
The Remote App module before 2.0.21 from Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message...
Liferay Portal Information Disclosure Vulnerability (CNVD-2022-19509)
Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB and JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay Portal has an information disclosure vulnerability that can be exploited by...
CVE-2022-25146
The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message...
CVE-2022-25146
The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message...
多款Liferay产品 访问控制错误漏洞
Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB and JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay Portal has an information disclosure vulnerability that can be exploited by...
GHSA-2FQW-684C-PVP7 An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node.
An issue in Atomix v3.1.5 allows attackers to cause a denial of service DoS via false link event messages sent to a master ONOS node...
CVE-2020-35213
An issue in Atomix v3.1.5 allows attackers to cause a denial of service DoS via false link event messages sent to a master ONOS node...
kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c
A flaw was found in the Linux kernel's handling of fork failure when dealing with event messages in the userfaultfd code. Failure to fork correctly can create a fork event that will be removed from an already freed list of events...
kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c
A flaw was found in the Linux kernel's handling of fork failure when dealing with event messages in the userfaultfd code. Failure to fork correctly can create a fork event that will be removed from an already freed list of events...
DEBIAN-CVE-2017-15126
A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events...
CVE-2017-15126
A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events...
CVE-2017-15126
A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events...