Oval Definition: oval:org.opensuse.security:def:202121374
Revision Date: 2022-06-30
Version: 1
Title: CVE-2021-21374
Description:

Nimble is a package manager for the Nim programming language. In Nim release versions before 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used, the attack escalates to untrusted code execution.
Family: unix
Class: vulnerability
Status:
Reference(s):
Mitre CVE-2021-21374
SUSE CVE-2021-21374
openSUSE-SU-2021:0618-1
openSUSE-SU-2021:0628-1
Platform(s):
openSUSE Leap 15.2
openSUSE Tumbleweed
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
SUSE Package Hub for SUSE Linux Enterprise 15 SP2
Product(s):
Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND nim-1.2.12-1.7 is installed
Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP2 is installed
  • AND nim-1.2.12-bp152.4.3.1 is installed
Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
    • nim-1.2.12-lp152.2.3.1 is installed
    • AND nim is signed with openSUSE key