9505 matches found
Feroxbuster - A Fast, Simple, Recursive Content Discovery Tool Written In Rust
What the heck is a ferox anyway? Ferox is short for Ferric Oxide. Ferric Oxide, simply put, is rust. The name rustbuster was taken, so I decided on a variation. What's it do tho? feroxbuster is a tool designed to perform Forced Browsing. Forced browsing is an attack where the aim is to enumerate...
abrute (>=0.1.7 <=0.1.8), aderyn_core (>=0.0.7 <=0.0.9) +775 more potentially affected by unknown CVE via term_size (>=0.1.1 <=1.0.0-beta.2)
term_size CARGO version =0.1.1, =0.1.7, =0.0.7, =0.0.8, =0.1.0, =0.0.2, =1.0.1, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.0.1, =1.2.0, =2.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2020-0163...
safe-transfers (=0.1.0), sn_transfers (=0.2.0) potentially affected by unknown CVE via safe-nd (>=0.11.7 <=0.9.0)
safe-nd CARGO version =0.11.7, =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on safe-nd and may be impacted: - safe-transfers =0.1.0 - sn_transfers =0.2.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2020-0063...
CLI-game-of-life (=0.1.0), RustyBox (=0.1.0) +1581 more potentially affected by CVE-2020-35922 via mio (=0.7.14)
mio CARGO version =0.7.14 is affected by a known vulnerability. The following packages have a transitive dependency on mio and may be impacted: - CLI-game-of-life =0.1.0 - RustyBox =0.1.0 - RustyVault =0.1.0, =0.1.0, =2.0.0-beta.1, =0.1.0, =0.9.0, =0.9.0, =0.1.0, =0.1.0, =0.1.0, =0.4.0 and more...
`mio` invalidly assumes the memory layout of std::net::SocketAddr
The mio crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...
aoaddons (>=0.1.1 <=0.2.0), bls_signature_aggregator (=0.1.0) +2 more potentially affected by unknown CVE via fake_clock (>=0.1.0 <=0.3.1)
fake_clock CARGO version =0.1.0, =0.1.1, =0.6.0, =0.1.0, =1.3.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2020-0065...
[ASA-202011-1] firefox: multiple issues
Arch Linux Security Advisory ASA-202011-1 ========================================= Severity: Critical Date : 2020-11-02 CVE-ID : CVE-2020-15254 CVE-2020-15680 CVE-2020-15681 CVE-2020-15682 CVE-2020-15683 CVE-2020-15684 CVE-2020-15969 Package : firefox Type : multiple issues Remote : Yes Link :...
async-mutex (>=1.0.1 <=1.4.1), blocking-permit (>=0.1.0 <=1.2.1) +18 more potentially affected by CVE-2020-35915 via futures-intrusive (>=0.2.2 <=0.3.1)
futures-intrusive CARGO version =0.2.2, =1.0.1, =0.1.0, =0.4.0, =0.4.0, =0.4.0, =0.2.0, =0.10.0, =0.3.6, =0.3.7 - raii-counter-futures =0.1.0 - stm32f1xx-futures =0.1.0 - switchyard =0.1.0 and more Source cves: CVE-2020-35915 Source advisory: OSV:RUSTSEC-2020-0072...
RUSTSEC-2020-0122 beef::Cow lacks a Sync bound on its Send trait allowing for data races
Affected versions of this crate did not have a T: Sync bound in the Send impl for Cow. This allows users to create data races by making Cow contain types that are Send && !Sync like Cell or RefCell. Such data races can lead to memory corruption. The flaw was corrected in commit d1c7658 by adding...
almond (=0.2.0), ascesis (=0.0.6) +86 more potentially affected by CVE-2020-36442 via beef (>=0.1.5 <=0.4.4)
beef CARGO version =0.1.5, =0.2.0, =0.1.0, =0.5.6, =0.1.0, =0.1.0, =0.5.4, =0.2.0, =0.2.0, =0.1.0, =0.1.2 and more Source cves: CVE-2020-36442 Source advisory: OSV:RUSTSEC-2020-0122...
Remote Code Execution (RCE)
firefox is vulnerable to remote code execution (RCE). The vulnerability exists due to undefined behavior in the bounded channel of the crossbeam Rust crate...
AskAI (=0.1.0), BeerHolderBot (>=0.1.0 <=0.3.8) +26495 more potentially affected by CVE-2020-35905 via futures-util (=0.3.32)
futures-util CARGO version =0.3.32 is affected by a known vulnerability. The following packages have a transitive dependency on futures-util and may be impacted: - AskAI =0.1.0 - BeerHolderBot =0.1.0, =0.1.0, =1.0.2, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2020-35905 Sour...
RUSTSEC-2020-0059 MutexGuard::map can cause a data race in safe code
Affected versions of the crate had a Send/Sync implementation for MappedMutexGuard that only considered variance on T, while MappedMutexGuard dereferenced to U. This could have led to data races in safe Rust code when a closure used in MutexGuard::map returns U that is unrelated to T. The issue was...
Security Vulnerabilities fixed in Firefox 82 — Mozilla
A use-after-free bug in the usersctp library was reported upstream. We assume this could have led to memory corruption and a potentially exploitable crash. In the crossbeam rust crate, the bounded channel incorrectly assumed that Vec::from_iter had allocated capacity that was the same as the numbe...
CVE-2020-15254
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that Vec::from_iter has allocated capacity that is the same as the number of iterator elements. Vec::from_iter does not actually guarantee that and may allocate extra...
IMAPServer (=0.1.0), acme-dns-rust (>=1.0.0 <=1.0.6) +92 more potentially affected by unknown CVE via block-cipher (>=0.7.1 <=0.8.0)
block-cipher CARGO version =0.7.1, =1.0.0, =0.4.0, =0.4.0, =0.7.0, =0.1.0, =0.1.1, =0.1.1, =0.8.1, =0.2.0, =0.5.0, =0.2.0, =0.7.0, =0.8.0 - chacha20 =0.5.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2020-0057...
gltfgen (>=0.4.5 <=0.5.0), gut (>=0.5.0 <=0.6.2) potentially affected by CVE-2020-35903 via dync (>=0.3.2 <=0.4.0)
dync CARGO version =0.3.2, =0.4.5, =0.5.0, =0.6.2 Source cves: CVE-2020-35903 Source advisory: OSV:RUSTSEC-2020-0050...
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation an unaligned reference may be generated for a type that has a large alignment requirement.
...
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation insert_from can have a memory-safety issue upon a panic.
...
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation the array size is not checked when constructed with From<InlineArray<A, T>>.
...