377 matches found
glib: buffer overflow in set_connect_msg()
A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4CONNMSGLEN. This issue may lead to an application crash or other undefined behavior...
13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks
A global network of about 13,000 hijacked Mikrotik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices. The activity "takes advantage of misconfigured DNS records to pass email protection techniques,"...
PT-2025-54486
Name of the Vulnerable Software and Affected Versions libcurl versions prior to 7.87.0-150400.7.26.1 openSUSE Leap 15.6 affected versions not specified SUSE Linux Enterprise Server 15 SP4 affected versions not specified Description The issue relates to libcurl's handling of TLS options during...
Heels on fire. Hacking smart ski socks
TL;DR A silly-season BLE connectivity story Overheat people’s smart ski socks …but only when in Bluetooth range AND when the owner's phone is out of range of their feet! Having experienced painfully cold feet several times over the years while skiing, including once at minus 42°C in the Canadian...
Inferno Nettverk Dante 安全漏洞
Inferno Nettverk Dante is a free SOCKS server from Inferno Nettverk. A security vulnerability exists in Inferno Nettverk Dante versions 1.4.0 through 1.4.3 that stems from incorrect access control for some configurations...
MGASA-2024-0386 Updated glib2.0 packages fix security vulnerability
Buffer overflow in socks proxy code in glib 2.82.1. CVE-2024-52533...
Updated glib2.0 packages fix security vulnerability
Buffer overflow in socks proxy code in glib 2.82.1. CVE-2024-52533...
CLSA-2024-1732555216 Fix CVE(s): CVE-2024-52533
SECURITY UPDATE: Buffer overflow due to off-by-one error in gsocks4aproxy.c - debian/patches/CVE-2024-52533.patch: Fix single byte buffer overflow in connect messages due to incorrect calculation in SOCKS4CONNMSGLEN - CVE-2024-52533...
OESA-2024-2437 glib2 security update
GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: gio/gsocks4aproxy.c in GNOME GLib before...
OESA-2024-2435 glib2 security update
GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: gio/gsocks4aproxy.c in GNOME GLib before...
OESA-2024-2381 glib2 security update
GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: gio/gsocks4aproxy.c in GNOME GLib before...
SUSE CVE-2024-52533
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4CONNMSGLEN is not sufficient for a trailing '\0' character...
DEBIAN-CVE-2024-52533
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4CONNMSGLEN is not sufficient for a trailing '\0' character...
Moderate: python3.12-urllib3 security update
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding. • Helpers for retrying request...
openSUSE Security Advisory (openSUSE-SU-2024:0119-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2024:0119-1 Security update for tinyproxy
This update for tinyproxy fixes the following issues: - Update to release 1.11.2 Fix potential use-after-free in header handling CVE-2023-49606, boo1223746 Prevent junk from showing up in error page in invalid requests CVE-2022-40468, CVE-2023-40533, boo1223743 - Move tinyproxy program to /usr/bi...
NTLM Relay Gat - Powerful Tool Designed To Automate The Exploitation Of NTLM Relays
NTLM Relay Gat is a powerful tool designed to automate the exploitation of NTLM relays using ntlmrelayx.py from the Impacket tool suite. By leveraging the capabilities of ntlmrelayx.py, NTLM Relay Gat streamlines the process of exploiting NTLM relay vulnerabilities, offering a range of...
PT-2024-14675 · Linux +8 · Linux Kernel +8
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A deadlock situation in the Linux kernel has been resolved by changing j1939 socks lock to an rwlock. The deadlock occurred due to a circular lock dependency between j1939 socks lock,...
Living off the land with native SSH and split tunnelling
TL;DR Attackers can use Microsoft native SSH client to forward out internal network traffic Windows native SSH is common The attack only needs minimal set-up and commands Quicker and more cost effective for an attacker than using C2 infrastructure Reduces likelihood of Blue team detection...
CVE-2024-25398
In Srelay the SOCKS proxy and Relay v.0.4.8p3, a specially crafted network payload can trigger a denial of service condition and disrupt the service...