Lucene search
+L

6 matches found

Tenable Nessus
Tenable Nessus
added 2022/08/28 12:0 a.m.35 views

openSUSE 15 Security Update : nim (openSUSE-SU-2022:10101-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10101-1 advisory. Includes upstream security fixes for: boo1175333, CVE-2020-15693 httpClient is vulnerable to a CR-LF injection boo1175334, CVE-2020-15692...

10CVSS7.2AI score0.04205EPSS
Exploits7References26
OSV
OSV
added 2022/08/24 2:33 a.m.3 views

OPENSUSE-SU-2022:10095-1 Security update for nim

This update for nim fixes the following issues: Includes upstream security fixes for: boo1175333, CVE-2020-15693 httpClient is vulnerable to a CR-LF injection boo1175334, CVE-2020-15692 mishandle of argument to browsers.openDefaultBrowser boo1175332, CVE-2020-15694 httpClient.get.contentLength...

10CVSS8.1AI score0.04205EPSS
Exploits7References19
OpenVAS
OpenVAS
added 2021/04/27 12:0 a.m.26 views

openSUSE: Security Advisory for nim (openSUSE-SU-2021:0618-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS7.2AI score0.03635EPSS
Exploits3References2
NVD
NVD
added 2021/03/26 10:15 p.m.24 views

CVE-2021-21373

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker...

7.5CVSS0.01155EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/03/26 9:25 p.m.21 views

CVE-2021-21373 Nimble falls back to insecure http url when fetching packages

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker...

7.5CVSS8.4AI score0.01155EPSS
Exploits1References3
CVE
CVE
added 2021/03/26 9:25 p.m.183 views

CVE-2021-21373

CVE-2021-21373 affects Nimble, the Nim package manager. The issue arises when nimble refresh fetches the package list over HTTPS but falls back to an insecure HTTP URL on error, enabling a MitM to deliver a malicious package list. If affected packages are installed, this can lead to untrusted cod...

7.5CVSS7.2AI score0.01155EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder