CVE-2021-21372

Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger...

Nimble 信任管理问题漏洞

Nimble is an open source package manager for the Nim programming language. A trust management issue vulnerability exists in Nimble versions 1.2.10 and 1.4.4, which can be exploited by an attacker to deliver a modified list of packages containing malware packages, leading to untrusted code executi...

Adobe Fixes Critical ColdFusion Flaw in Emergency Update

In an unscheduled security update, Adobe is warning of a critical security flaw in its ColdFusion platform, used for building web applications. The security alert comes two weeks after Adobe’s regularly-scheduled updates. During these updates, the tech company issued patches for a slew of critica...

Convuster: macOS adware now in Rust

Introduction Traditionally, most malicious objects detected on the macOS platform are adware: besides the already familiar Shlayer family, the TOP 10 includes Bnodlero, Cimpli, Adload and Pirrit adware. As a rule, most tend to be written in C, Objective-C or Swift. Recently, however, cybercrimina...

Moderate: Red Hat Security Advisory: perl security update

An update for perl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

Debian: Security Advisory (DLA-2591-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-2592-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Researchers Spotted Malware Written in Nim Programming Language

Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language. Dubbed "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware...

Researchers Spotted Malware Written in Nim Programming Language

Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language. Dubbed "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware...

Rust Resource Management Error Vulnerability (CNVD-2021-17263)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in scratchpad crate before 1.3.1 for Rust, which stems from the move elements function being able to use double free. no details of the vulnerability are currently available...

Rust Resource Management Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in toodee crate before 0.3.0 for Rust, which stems from causing a double free when the iterator is panic.No details of the vulnerability are provided at this time...

Unspecified Vulnerability in Rust (CNVD-2021-17265)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in toodee crate before 0.3.0 for Rust, which can be exploited by an attacker to read the contents of uninitialized memory locations...

Rust Buffer Overflow Vulnerability (CNVD-2021-17258)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in quinn crate before 0.7.0 for Rust, which stems from having invalid memory access to certain versions of the standard library. No details of the vulnerability are current...

Rust Number Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in bam crate before 0.1.3 for Rust, which stems from an integer underflow and out-of-bounds write during loading of a bgzip block, no details of the vulnerability are provided at...

Rust Buffer Overflow Vulnerability (CNVD-2021-17261)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in bytestruct crate before 0.6.1 for Rust, which stems from a problem with the deserialization method that results in the loss of uninitialized memory. No details of the...

Rust Resource Management Error Vulnerability (CNVD-2021-17260)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in stackdst crate before 0.6.1 for Rust, which stems from the pushinner behavior, with double free at val.clone.No detailed vulnerability details are provided at...

Go Denial of Service Vulnerability (CNVD-2021-19693)

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. The archive/zip in Go is not working when attempting to use Reader.zip on zip archive files with filenames starting with . / begins with a ZIP archive file using the Reader.Open A...

CVE-2021-27918

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...

Nim-Based Malware Loader Spreads Via Spear-Phishing Emails

The TA800 threat group is distributing a malware loader, which researchers call NimzaLoader, via ongoing, highly-targeted spear-phishing emails. While previous Twitter analysis identified this loader as a mere variant of TA800’s existing BazaLoader malware, new research cites evidence that...

USN-4758-1: Go vulnerability

It was discovered that Go applications incorrectly handled uploaded content. If a user were tricked into visiting a malicious page, a remote attacker could exploit this with a crafted file to conduct cross-site scripting XSS attacks...