15 matches found
EUVD-2021-16092
Malware in sbrugna...
EUVD-2021-8682
Malicious code in bioql PyPI...
EUVD-2021-8683
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-29495
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled ...
NimPlant - A Light-Weight First-Stage C2 Implant Written In Nim
By Cas van Cooten @chvancooten, with special thanks to some awesome folks: Fabian Mosch @S3cur3Th1sSh1t for sharing dynamic invocation implementation in Nim and the Ekko sleep mask function; snovvcrash @snovvcrash for adding the initial version of execute-assembly & self-deleting implant option...
CVE-2022-23602
CVE-2022-23602 affects Nimforum prior to 2.2.0. A user can create a thread/post with an include pointing to a local file, causing Nimforum to render the file; this can also be triggered via the post preview endpoint. Consequences include exposure of sensitive data such as forum.json secrets. Vers...
DEBIAN-CVE-2021-21372
Nimble is a package manager for the Nim programming language. In Nim release versions before 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger...
Remote code execution
Nimble is a package manager for the Nim programming language. In Nim release versions before 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker...
CVE-2021-21373
Nimble is a package manager for the Nim programming language. In Nim release versions before 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker...
CVE-2021-21373 Nimble falls back to insecure http url when fetching packages
Nimble is a package manager for the Nim programming language. In Nim release versions before 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker...
CVE-2021-21372
Nimble is a package manager for the Nim programming language. In Nim release versions before 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger...
Nimble Trust Management Issue Vulnerability
Nimble is an open source package manager for the Nim programming language. A trust management issue vulnerability exists in Nimble versions 1.2.10 and 1.4.4, which can be exploited by an attacker to deliver a modified list of packages containing malware packages, leading to untrusted code executi...
Researchers Spotted Malware Written in Nim Programming Language
Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language. Dubbed "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware...
Nim Input Validation Error Vulnerability
Nim is a statically typed programming language from the Nim community. An input validation error vulnerability exists in versions of Nim prior to 1.2.6, which stems from a failure of the standard library asyncftpclient to check whether a message contains line breaks. No details of the vulnerabili...