Lucene search

1253 matches found

Cvelist
added 2021/03/26 9:25 p.m. | 18 views

CVE-2021-21373 Nimble falls back to insecure http url when fetching packages

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker...

CVSS 7.5 | AI score 8.4 | EPSS 0.01155
Exploits: 1 | References: 3

Debian CVE
added 2021/03/26 9:25 p.m. | 19 views

CVE-2021-21373

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker...

CVSS 7.5 | AI score 6.8 | EPSS 0.01155
Exploits: 1

CVE
added 2021/03/26 9:25 p.m. | 207 views

CVE-2021-21374

CVE-2021-21374 affects Nimble (Nim package manager) where Nimble refresh may fetch the package list over HTTPS without full SSL/TLS verification due to httpClient defaults, enabling a MitM to deliver a modified package list and installable packages. If such packages are installed, this can lead t...

CVSS 8.1 | AI score 8.4 | EPSS 0.01035
Exploits: 1 | References: 4 | Affected Software: 1

Debian CVE
added 2021/03/26 9:20 p.m. | 29 views

CVE-2021-21372

Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger...

CVSS 8.8 | AI score 9 | EPSS 0.03635
Exploits: 1

CNNVD
added 2021/03/26 12:0 a.m. | 15 views

Nimble Trust Management Issue Vulnerability

Nimble is an open source package manager for the Nim programming language. A trust management issue vulnerability exists in Nimble versions 1.2.10 and 1.4.4, which can be exploited by an attacker to deliver a modified list of packages containing malware packages, leading to untrusted code executi...

CVSS 8.1 | AI score 7.8 | EPSS 0.01035
Exploits: 1 | References: 7

ThreatPost
added 2021/03/22 3:49 p.m. | 155 views

Adobe Fixes Critical ColdFusion Flaw in Emergency Update

In an unscheduled security update, Adobe is warning of a critical security flaw in its ColdFusion platform, used for building web applications. The security alert comes two weeks after Adobe’s regularly-scheduled updates. During these updates, the tech company issued patches for a slew of critica...

AI score 1.8 | EPSS 0.37095
Exploits: 0 | References: 11

Securelist
added 2021/03/18 10:0 a.m. | 53 views

Convuster: macOS adware now in Rust

Introduction Traditionally, most malicious objects detected on the macOS platform are adware: besides the already familiar Shlayer family, the TOP 10 includes Bnodlero, Cimpli, Adload and Pirrit adware. As a rule, most tend to be written in C, Objective-C or Swift. Recently, however, cybercrimina...

AI score 7.3
Exploits: 0

RedHat Linux
added 2021/03/16 3:18 p.m. | 78 views

Moderate: Red Hat Security Advisory: perl security update

An update for perl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

CVSS 8.6 | AI score 7 | EPSS 0.11334
Exploits: 0 | References: 5

OpenVAS
added 2021/03/14 12:0 a.m. | 45 views

Debian: Security Advisory (DLA-2591-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.6 | EPSS 0.66252
Exploits: 2 | References: 4

OpenVAS
added 2021/03/14 12:0 a.m. | 31 views

Debian: Security Advisory (DLA-2592-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.6 | EPSS 0.66252
Exploits: 2 | References: 4

The Hacker News
added 2021/03/12 9:53 a.m. | 4 views

Researchers Spotted Malware Written in Nim Programming Language

Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language. Dubbed "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware...

AI score 6.2
Exploits: 0

The Hacker News
added 2021/03/12 9:53 a.m. | 71 views

Researchers Spotted Malware Written in Nim Programming Language

Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language. Dubbed "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware...

AI score 1.6
Exploits: 0

CNVD
added 2021/03/11 12:0 a.m. | 8 views

Unspecified Vulnerability in Rust (CNVD-2021-17265)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in toodee crate before 0.3.0 for Rust, which can be exploited by an attacker to read the contents of uninitialized memory locations...

CVSS 7.5 | AI score 6.5 | EPSS 0.01059
Exploits: 0 | References: 1

CNVD
added 2021/03/11 12:0 a.m. | 7 views

Rust Resource Management Error Vulnerability (CNVD-2021-17260)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in stackdst crate before 0.6.1 for Rust, which stems from the pushinner behavior, with double free at val.clone. No detailed vulnerability details are provided at...

CVSS 9.8 | AI score 6.7 | EPSS 0.01167
Exploits: 0 | References: 1

CNVD
added 2021/03/11 12:0 a.m. | 7 views

Rust Number Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in bam crate before 0.1.3 for Rust, which stems from an integer underflow and out-of-bounds write during loading of a bgzip block, no details of the vulnerability are provided at...

CVSS 9.8 | AI score 6.9 | EPSS 0.01167
Exploits: 0 | References: 1

CNVD
added 2021/03/11 12:0 a.m. | 9 views

Rust Resource Management Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in toodee crate before 0.3.0 for Rust, which stems from causing a double free when the iterator panics. No details of the vulnerability are provided at this time...

CVSS 9.8 | AI score 6.8 | EPSS 0.01167
Exploits: 0 | References: 1

CNVD
added 2021/03/11 12:0 a.m. | 10 views

Rust Resource Management Error Vulnerability (CNVD-2021-17263)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in scratchpad crate before 1.3.1 for Rust, which stems from the move elements function being able to use double free. No details of the vulnerability are currently available...

CVSS 9.8 | AI score 6.6 | EPSS 0.01364
Exploits: 0 | References: 1

CNVD
added 2021/03/11 12:0 a.m. | 6 views

Rust Buffer Overflow Vulnerability (CNVD-2021-17261)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in bytestruct crate before 0.6.1 for Rust, which stems from a problem with the deserialization method that results in the loss of uninitialized memory. No details of the...

CVSS 9.8 | AI score 7.2 | EPSS 0.01167
Exploits: 0 | References: 1

CNVD
added 2021/03/11 12:0 a.m. | 9 views

Rust Buffer Overflow Vulnerability (CNVD-2021-17258)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in quinn crate before 0.7.0 for Rust, which stems from having invalid memory access to certain versions of the standard library. No details of the vulnerability are current...

CVSS 7.5 | AI score 7.1 | EPSS 0.0125
Exploits: 0 | References: 1

CNVD
added 2021/03/11 12:0 a.m. | 8 views

Go Denial of Service Vulnerability (CNVD-2021-19693)

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. The archive/zip in Go is not working when attempting to use Reader.zip on zip archive files with filenames starting with . / begins with a ZIP archive file using the Reader.Open A...

CVSS 5.5 | AI score 6.4 | EPSS 0.01517
Exploits: 0 | References: 1