GHSA-MXG3-432P-MR72 goshs: SSH host key verification disabled, allowing transparent MITM of every tunnelled HTTP request

Summary The --tunnel / -t flag opens an outbound SSH connection to localhost.run:22 with HostKeyCallback: ssh.InsecureIgnoreHostKey. The Go documentation for that function states verbatim: "It should not be used for production code." With the callback disabled the client accepts any host key the...

EUVD-2005-0040

Malware in sbrugna...

EUVD-2002-1096

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2025-21674

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel Attempt to enable...

CVE-2025-21674 net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel Attempt to enable IPsec packet offload in tunnel mode in debug kernel generates the following kernel panic, which is happening due to two issues: 1. In SA ad...

CVE-2025-21674 net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel Attempt to enable IPsec packet offload in tunnel mode in debug kernel generates the following kernel panic, which is happening due to two issues: 1. In SA ad...

CVE-2025-21674

CVE-2025-21674 affects the Linux kernel mlx5e/mlx5_core with IPsec tunnel offload in tunnel mode. The issue caused a kernel panic due to two problems: (1) in SA add, the _bh() variant should be used when marking SA mode, and (2) an unnecessary flush_workqueue in SA delete routine. The failure is ...

CVE-2020-12819

A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode i...

The vulnerability of the Tunnel Mode mode in the implementation of SSL VPN technology for FortiOS operating systems allows a perpetrator to cause a service failure.

The vulnerability of the Tunnel Mode mode in the FortiOS operating system-based SSL VPN technology stems from the fact that data operations go beyond the buffer in memory when processing LCP packets. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

Unable to access internal Websites with Android Secure Web using MAM SDK

On Android Secure Web with MAM SDK, accessing internal websites shows error 'ERREMPTYRESPONSE'. Further checking the logs, we see that Secure Web does not tunnel the connection to AG for internal websites. But for Legacy SDK, it works fine. Split Tunne - ON DNS suffixes - ADDED In the logs, we se...

PT-2020-6793 · Fortinet · Fortigate +1

Name of the Vulnerable Software and Affected Versions: FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier Description: A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages may allow a remote attacker with valid SSL VPN credentials to crash the...

Secure Web with PAC File unable to authenticate fails with http 407 error

While evaluating XenMobile with Secure Web with PAC File,Webproxy after reading the PAC file request Authentication, but it seems that Secure Web does not provide authentication. Therefore we get an Authentication failure from the Webproxy on the webpage of the Proxy within Secure Web. MDX Settin...

How to Disable Single Sign-On in NetScaler

This article describes how to disable Single Sign-On in NetScaler. Background In XenMobile, in some use cases the app may want to perform NTLM authentication of a user that was not used during enrollment. In such situation, the app uses Full Tunnel mode and so would like to send the credentials...

CVE-2005-0039

Certain configurations of IPsec, when using Encapsulating Security Payload ESP in tunnel mode, integrity protection at a higher layer, or Authentication Header AH, allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner...

CVE-2005-0039

Certain configurations of IPsec, when using Encapsulating Security Payload ESP in tunnel mode, integrity protection at a higher layer, or Authentication Header AH, allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner...

CVE-2005-0039

Certain configurations of IPsec, when using Encapsulating Security Payload ESP in tunnel mode, integrity protection at a higher layer, or Authentication Header AH, allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner...

CVE-2002-1108

Cisco Virtual Private Network VPN Client software 2.x.x, and 3.x before 3.6Rel, when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel...

CVE-2002-1108

Cisco Virtual Private Network VPN Client software 2.x.x, and 3.x before 3.6Rel, when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel...