1891 matches found
CVE-2025-43810
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
CVE-2025-43810
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
CVE-2025-43810
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
CVE-2025-43810
CVE-2025-43810 affects Liferay Portal and Liferay DXP, where an insecure direct object reference via the parameter _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId allows a remote authenticated user to add a note to an order in a different virtual instance. Af...
IMDS Abused: Hunting Rare Behaviors to Uncover Exploits
When common processes start asking the wrong questions...
Sensitive Information Disclosure
Liferay Portal is vulnerable to Sensitive Information Disclosure.The vulnerability is due to improper tenant isolation because admin users of a virtual instance can add pages outside the default instance, allowing tenants to enumerate all other tenants...
PT-2025-39087
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.5 through 7.4.3.112 Liferay DXP versions 2023.Q4.0 through 2023.Q4.8 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay versions 7.4 GA through update 92 Description An Insecure Direct Object Reference IDOR...
SUSE CVE-2023-53375
In the Linux kernel, the following vulnerability has been resolved: tracing: Free error logs of tracing instances When a tracing instance is removed, the error messages that hold errors that occurred in the instance needs to be freed. The following reports a memory leak: cd /sys/kernel/tracing...
CVE-2023-53375
In the Linux kernel, the following vulnerability has been resolved: tracing: Free error logs of tracing instances When a tracing instance is removed, the error messages that hold errors that occurred in the instance needs to be freed. The following reports a memory leak: cd /sys/kernel/tracing...
CVE-2023-53375
In the Linux kernel, the following vulnerability has been resolved: tracing: Free error logs of tracing instances When a tracing instance is removed, the error messages that hold errors that occurred in the instance needs to be freed. The following reports a memory leak: cd /sys/kernel/tracing...
DEBIAN-CVE-2023-53375
In the Linux kernel, the following vulnerability has been resolved: tracing: Free error logs of tracing instances When a tracing instance is removed, the error messages that hold errors that occurred in the instance needs to be freed. The following reports a memory leak: cd /sys/kernel/tracing...
CVE-2023-53375 tracing: Free error logs of tracing instances
In the Linux kernel, the following vulnerability has been resolved: tracing: Free error logs of tracing instances When a tracing instance is removed, the error messages that hold errors that occurred in the instance needs to be freed. The following reports a memory leak: cd /sys/kernel/tracing...
CVE-2023-53375
In the Linux kernel, the following vulnerability has been resolved: tracing: Free error logs of tracing instances When a tracing instance is removed, the error messages that hold errors that occurred in the instance needs to be freed. The following reports a memory leak: cd /sys/kernel/tracing...
CVE-2023-53375 tracing: Free error logs of tracing instances
In the Linux kernel, the following vulnerability has been resolved: tracing: Free error logs of tracing instances When a tracing instance is removed, the error messages that hold errors that occurred in the instance needs to be freed. The following reports a memory leak: cd /sys/kernel/tracing...
CVE-2023-53375
The CVE refers to a Linux kernel tracing issue: when a tracing instance is removed, the error logs from that instance were not freed, causing a memory leak reported by kmemleak. The problem statement and example trace are provided in the initial document, and connected advisories (EulerOS kernel ...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to release error logs when removing a trace instance, which could lead to a memory leak...
UBUNTU-CVE-2022-50319
In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: remove cpuhp instance node before remove cpuhp state cpuhpstateaddinstance and cpuhpstateremoveinstance should be used in pairs. Or there will lead to the warn on cpuhpremovemultistate since the cpuhpstep list is...
CVE-2022-50319
CVE-2022-50319 affects the Linux kernel’s coresight/trbe path. The vulnerability stems from cpuhp_state_add_instance() and cpuhp_state_remove_instance() not being used in proper pairs, which can trigger a warning in cpuhp_remove_multi_state() due to a non-empty cpuhp_step list, potentially leavin...
CVE-2022-50319 coresight: trbe: remove cpuhp instance node before remove cpuhp state
In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: remove cpuhp instance node before remove cpuhp state cpuhpstateaddinstance and cpuhpstateremoveinstance should be used in pairs. Or there will lead to the warn on cpuhpremovemultistate since the cpuhpstep list is...
CVE-2022-50319 coresight: trbe: remove cpuhp instance node before remove cpuhp state
In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: remove cpuhp instance node before remove cpuhp state cpuhpstateaddinstance and cpuhpstateremoveinstance should be used in pairs. Or there will lead to the warn on cpuhpremovemultistate since the cpuhpstep list is...