Go Denial of Service Vulnerability (CNVD-2021-19693)
Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from Google. The archive/zip in Go is not working when attempting to use Reader.zip on zip archive files with filenames starting with . / begins with a ZIP archive file using the Reader.Open A...
CVE-2021-27918
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...
Nim-Based Malware Loader Spreads Via Spear-Phishing Emails
The TA800 threat group is distributing a malware loader, which researchers call NimzaLoader, via ongoing, highly-targeted spear-phishing emails. While previous Twitter analysis identified this loader as a mere variant of TA800’s existing BazaLoader malware, new research cites evidence that...
USN-4758-1: Go vulnerability
It was discovered that Go applications incorrectly handled uploaded content. If a user were tricked into visiting a malicious page, a remote attacker could exploit this with a crafted file to conduct cross-site scripting (XSS) attacks...
Important: Red Hat Security Advisory: nodejs:14 security and bug fix update
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: nodejs:10 security update
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Important: nodejs:14 security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 14.16.0. Security Fixes: nodejs: HTTP2 'unknownProtocol' cause DoS by resource...
A vulnerability in the implementation of the “go get” command in the Go programming language allows an attacker to execute arbitrary code.
The vulnerability in the “go get” command in the Go programming language stems from improper management of code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
[SECURITY] Fedora 33 Update: python3.9-3.9.2-1.fc33
Python 3.9 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...
Rust Resource Management Error Vulnerability (CNVD-2021-13651)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in versions of Rust prior to 0.3.1 that stems from insertsliceclone generating two drop actions when a Clone exception occurs. No details of the vulnerability are...
Unspecified Vulnerability in Rust (CNVD-2021-13650)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in versions of Rust prior to 2021-02-04, and no details of the vulnerability are available at this time...
Rust Information Disclosure Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. An information disclosure vulnerability exists in versions of Rust prior to 0.1.3, which can be exploited to obtain sensitive information via a memory location that is never initialized by IoReader::read...
Unspecified Vulnerability in Rust (CNVD-2021-13649)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in versions of Rust prior to 2021-02-04, which stems from the fact that byte-type data returned from an X server can be parsed into an arbitrary data type by...
Unspecified Vulnerability in Rust (CNVD-2021-13647)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in versions of Rust prior to 2021-02-04, and no details of the vulnerability are available at this time...
Rust Buffer Overflow Vulnerability (CNVD-2021-13648)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in versions of Rust prior to 2021-02-04, which stems from xcb::xproto::changeproperty allowing out-of-bounds read operations. No vulnerability details are provided...
Rust Information Disclosure Vulnerability (CNVD-2021-13652)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. An information disclosure vulnerability exists in versions of Rust prior to 0.14.0, which can be exploited by an attacker to obtain sensitive information from uninitialized memory locations via a user-supplied...
Rust Buffer Overflow Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in versions of Rust prior to 0.17.0 that can be exploited by an attacker to overwrite a heap memory location...
rust-toolset:rhel8 bug fix and enhancement update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries. Rust Toolset has been updated to version 1.47.0 BZ1883839. For detailed information on changes in this release, see the AlmaLinux.1...
[SECURITY] Fedora 33 Update: golang-1.15.7-1.fc33
The Go Programming Language...
Unspecified Vulnerability in Rust (CNVD-2021-13684)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust prior to 9.0.0 that stems from an unsound conversion call in the asstring method. No details of the vulnerability are available at this time...