Debian: Security Advisory (DLA-2592-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

IBM API Connect 安全漏洞

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. IBM API Connect suffers from a security vulnerability that allows an attacker to be able to use ...

[SECURITY] [DLA 2592-1] golang-1.8 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2592-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler March 13, 2021 https://wiki.debian.org/LTS -...

Researchers Spotted Malware Written in Nim Programming Language

Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language. Dubbed "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware...

Researchers Spotted Malware Written in Nim Programming Language

Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language. Dubbed "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware...

Rust Resource Management Error Vulnerability (CNVD-2021-17263)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in scratchpad crate before 1.3.1 for Rust, which stems from the move elements function being able to use double free. no details of the vulnerability are currently available...

Rust Buffer Overflow Vulnerability (CNVD-2021-17258)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in quinn crate before 0.7.0 for Rust, which stems from having invalid memory access to certain versions of the standard library. No details of the vulnerability are current...

Unspecified Vulnerability in Rust (CNVD-2021-17265)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in toodee crate before 0.3.0 for Rust, which can be exploited by an attacker to read the contents of uninitialized memory locations...

Rust Resource Management Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in toodee crate before 0.3.0 for Rust, which stems from causing a double free when the iterator is panic.No details of the vulnerability are provided at this time...

Rust Buffer Overflow Vulnerability (CNVD-2021-17261)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in bytestruct crate before 0.6.1 for Rust, which stems from a problem with the deserialization method that results in the loss of uninitialized memory. No details of the...

Rust Number Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in bam crate before 0.1.3 for Rust, which stems from an integer underflow and out-of-bounds write during loading of a bgzip block, no details of the vulnerability are provided at...

Rust Resource Management Error Vulnerability (CNVD-2021-17260)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in stackdst crate before 0.6.1 for Rust, which stems from the pushinner behavior, with double free at val.clone.No detailed vulnerability details are provided at...

Unspecified Vulnerability in Rust (CNVD-2021-17262)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in nanoarena crate before 0.5.2 for Rust, which can be exploited by attackers to cause a write out-of-bounds or use-after-free...

Go Denial of Service Vulnerability (CNVD-2021-19693)

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. The archive/zip in Go is not working when attempting to use Reader.zip on zip archive files with filenames starting with . / begins with a ZIP archive file using the Reader.Open A...

CVE-2021-27918

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...

Nim-Based Malware Loader Spreads Via Spear-Phishing Emails

The TA800 threat group is distributing a malware loader, which researchers call NimzaLoader, via ongoing, highly-targeted spear-phishing emails. While previous Twitter analysis identified this loader as a mere variant of TA800’s existing BazaLoader malware, new research cites evidence that...

USN-4758-1: Go vulnerability

It was discovered that Go applications incorrectly handled uploaded content. If a user were tricked into visiting a malicious page, a remote attacker could exploit this with a crafted file to conduct cross-site scripting XSS attacks...

Important: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: nodejs:10 security update

An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: nodejs:14 security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 14.16.0. Security Fixes: nodejs: HTTP2 'unknownProtocol' cause DoS by resource...