9496 matches found
Super Android Analyzer
Super Android Analyzer: Secure, Unified, Powerful and Extensible Rust Android Analyzer. SUPER is a command-line application that can be used in Windows, MacOS X and Linux, that analyzes .apk files in search of vulnerabilities. It does this by decompressing APKs and applying a series of rules to...
Browser-based GDB frontend: gdbGUI
A modern, browser-based frontend to gdb (GNU debugger). Add breakpoints, view stack traces, and more in C, C++, Go, and Rust! Simply run gdbgui from the terminal and a new tab will open in your browser. Features: Debug a different program in each tab (new gdb instance is spawned for each tab); Set/remove...
AskAI (=0.1.0), BeerHolderBot (>=0.1.0 <=0.3.8) +14874 more potentially affected by CVE-2017-18587 via hyper (>=0.0.1 <=0.9.14)
hyper CARGO version =0.0.1, =0.1.0, =0.1.0, =1.0.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.1, =0.0.2, =0.1.0, =0.1.2 and more Source cves: CVE-2017-18587 Source advisory: OSV:RUSTSEC-2017-0002...
Python's new string format vulnerability analysis - vulnerability warning - the black bar safety net
This article gives an in-depth analysis of the security vulnerabilities in Python's new string formatting syntax and provides appropriate security solutions. Using str.format on untrusted user input brings security risks. For this problem, in fact I have...
RUSTSEC-2016-0001 SSL/TLS MitM vulnerability due to insecure defaults
All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults including off-by-default certificate verification and no API to perform hostname verification. Unless configured correctly by a developer, these defaults could allow an attacker to perform man-in-the-middle attacks...
SSL/TLS MitM vulnerability due to insecure defaults
All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults including off-by-default certificate verification and no API to perform hostname verification. Unless configured correctly by a developer, these defaults could allow an attacker to perform man-in-the-middle attacks...
PT-2016-4587 · Openssl · Rust-Openssl
Name of the Vulnerable Software and Affected Versions: rust-openssl versions prior to 0.9.0 Description: The issue is related to SSL/TLS man-in-the-middle attacks due to insecure defaults in the openssl crate for Rust. Specifically, certificate verification is off by default, and there is no API...
abstract-boot (>=0.2.0-beta.4 <=0.2.0-beta.7), ace-test-lib (=0.1.0) +711 more potentially affected by unknown CVE via rust-crypto (=0.2.36)
rust-crypto CARGO version =0.2.36 is affected by a known vulnerability. The following packages have a transitive dependency on rust-crypto and may be impacted: - abstract-boot =0.2.0-beta.4, =0.0.1, =0.0.1, =0.1.0, =0.0.1, =0.1.0, =0.2.0, =0.8.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0 and more...
rust-crypto is unmaintained; switch to a modern alternative
The rust-crypto crate has not seen a release or GitHub commit since 2016, and its author is unresponsive. NOTE: The old rust-crypto crate with hyphen should not be confused with similarly named new RustCrypto GitHub Org without hyphen. The GitHub Org is actively maintained. We recommend you switc...
RUSTSEC-2016-0005 rust-crypto is unmaintained; switch to a modern alternative
The rust-crypto crate has not seen a release or GitHub commit since 2016, and its author is unresponsive. NOTE: The old rust-crypto crate with hyphen should not be confused with similarly named new RustCrypto GitHub Org without hyphen. The GitHub Org is actively maintained. We recommend you switc...
Panopticon - A Libre Cross-Platform Disassembler
Panopticon is a cross-platform disassembler for reverse engineering written in Rust. Panopticon has functions for disassembling, analysing, decompiling and patching binaries for various platforms and instruction sets. Panopticon comes with a GUI for browsing control flow graphs, displaying analysis...
Security update for MozillaFirefox, mozilla-nss (important)
Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included: - Process separation e10s is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The...
baal (>=0.1.0 <=0.4.2), bit_crusher (=0.2.0) +20 more potentially affected by CVE-2016-10933 via portaudio (>=0.4.19 <=0.8.0)
portaudio CARGO version =0.4.19, =0.1.0, =0.1.0, =0.0.1, =0.2.0, =0.1.0, =0.3.0, =0.3.0, =0.5.0, =0.2.0, =0.4.0, =0.1.0, =0.2.0, =0.6.2, =0.11.0 and more Source cves: CVE-2016-10933 Source advisory: OSV:RUSTSEC-2016-0003...
RUSTSEC-2016-0002 HTTPS MitM vulnerability due to lack of hostname verification
When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not perform hostname verification when making HTTPS requests. This allows an attacker to perform MitM attacks by presenting any valid CA-issued certificate, even if there's a hostname mismatch. The problem was addressed by...
HTTPS MitM vulnerability due to lack of hostname verification
When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not perform hostname verification when making HTTPS requests. This allows an attacker to perform MitM attacks by presenting any valid CA-issued certificate, even if there's a hostname mismatch. The problem was addressed by...
binwalk
Binwalk v3: This is an updated version of the Binwalk firmware...