27 matches found
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ppdev: An error check was added in register_device. In register_device, the return value of ida_simple_get is unchecked. In this case, ida_simple_get will use an invalid index value. To address this issue, the index should be checked...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005061)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005061 advisory. In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get i...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003792)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003792 advisory. A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service...
EUVD-2022-0725
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-36015
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of...
DEBIAN-CVE-2022-48934
In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX) inclusive. So NFP_MAX_MAC_INDEX (0xff) is a valid id. In order for the error handling path to work correctly, t...
SUSE CVE-2024-36015
In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get is unchecked, in which ida_simple_get will use an invalid index value. To address this issue, index should be checked after ida_simple_ge...
DEBIAN-CVE-2024-36015
In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get is unchecked, in which ida_simple_get will use an invalid index value. To address this issue, index should be checked after ida_simple_ge...
UBUNTU-CVE-2024-36015
In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get is unchecked, in which ida_simple_get will use an invalid index value. To address this issue, index should be checked after ida_simple_ge...
DEBIAN-CVE-2021-47361
In the Linux kernel, the following vulnerability has been resolved: mcb: fix error handling in mcb_alloc_bus() There are two bugs: 1) If ida_simple_get() fails then this code calls put_device(carrier) but we haven't yet called get_device(carrier) and probably that leads to a use after free. 2) After...
SUSE CVE-2019-19046
A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this becau...
CVE-2022-4147
Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in...
@garment/plugin-runner-publish (>=0.13.7 <=0.18.0), bower-npm-resolver (=0.11.0) +4 more potentially affected by CVE-2022-0355 via simple-get (=3.0.3)
simple-get NPM version =3.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on simple-get and may be impacted: - @garment/plugin-runner-publish =0.13.7, =3.2.4, =2.0.3, =2.0.5 Source cves: CVE-2022-0355 Source advisory: OSV:GHSA-WPG7-2C88-R8XV...
high-availability-object-storage (=0.1.8), saz-tools (>=0.0.10 <=0.0.17) potentially affected by CVE-2022-0355 via simple-get (=4.0.0)
simple-get NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on simple-get and may be impacted: - high-availability-object-storage =0.1.8 - saz-tools =0.0.10, =0.0.17 Source cves: CVE-2022-0355 Source advisory: OSV:GHSA-WPG7-2C88-R8XV...
Exposure of Sensitive Information in simple-get
In versions of simple-get prior to 4.0.1, 3.1.1, and 2.8.2, when fetching a remote url with a cookie location response, headers will be followed, potentially resulting in an exposure of the session cookie to a third party...
3drudder-js (>=1.0.0 <=2.0.7), @131/fuse-bindings (>=2.11.0 <=2.11.1) +833 more potentially affected by CVE-2022-0355 via simple-get (>=1.4.3 <=2.7.1)
simple-get NPM version =1.4.3, =1.0.0, =2.11.0, =1.16.0, =1.0.2, =1.0.0, =1.0.0, =1.0.8, =1.0.0, =1.6.0, =0.2.1, =0.2.75, =0.3.4 and more Source cves: CVE-2022-0355 Source advisory: OSV:GHSA-WPG7-2C88-R8XV...
GHSA-WPG7-2C88-R8XV Exposure of Sensitive Information in simple-get
In versions of simple-get prior to 4.0.1, 3.1.1, and 2.8.2, when fetching a remote url with a cookie location response, headers will be followed, potentially resulting in an exposure of the session cookie to a third party...
CVE-2022-0355
Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1...
CVE-2022-0355
CVE-2022-0355 affects the Node.js package simple-get (versions earlier than 4.0.1). The root cause is improper handling of sensitive data before storage or transfer, allowing exposure of session cookies when fetching remote URLs. Impact can include session hijacking or unauthorized access, depend...
Simple-Get Information Disclosure Vulnerability
Simple-Get is one of the simplest ways to make Http get requests in the US. An information disclosure vulnerability exists in simple-get that stems from exposing sensitive information to unauthorized participants in NPM...