
277 matches found

OSV
added 2024/05/01 4:15 p.m. · 0 views

ALPINE-CVE-2023-49606

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make ...

9.8 CVSS · 8.4 AI score · 0.63076 EPSS
Exploits 2 · References 1

OSV
added 2024/05/01 4:15 p.m. · 2 views

DEBIAN-CVE-2023-49606

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make ...

9.8 CVSS · 6.6 AI score · 0.63076 EPSS
Exploits 2 · References 1

UbuntuCve
added 2024/05/01 4:15 p.m. · 393 views

CVE-2023-49606

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make ...

9.8 CVSS · 6.5 AI score · 0.63076 EPSS
Exploits 2 · References 6

UbuntuCve
added 2024/05/01 4:15 p.m. · 16 views

CVE-2023-40533

Rejected reason: This CVE ID is a duplicate of CVE-2022-40468...

6.1 AI score
Exploits 0 · References 2

OSV
added 2024/05/01 4:15 p.m. · 0 views

UBUNTU-CVE-2023-49606

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make ...

9.8 CVSS · 6.4 AI score · 0.63076 EPSS
Exploits 2 · References 7

Vulnrichment
added 2024/05/01 3:31 p.m. · 27 views

CVE-2023-49606

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make ...

9.8 CVSS · 8 AI score · 0.63076 EPSS
Exploits 2 · References 2

AlpineLinux
added 2024/05/01 3:31 p.m. · 27 views

CVE-2023-49606

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make ...

9.8 CVSS · 10 AI score · 0.63076 EPSS
Exploits 2

CVE
added 2024/05/01 3:31 p.m. · 176 views

CVE-2023-49606

CVE-2023-49606 is a use-after-free in Tinyproxy’s HTTP Connection Headers parsing (affecting 1.11.1 and 1.10.0). A specially crafted, unauthenticated HTTP request can trigger reuse of freed memory, causing memory corruption and potentially remote code execution. Public advisories confirm fixes in...

9.8 CVSS · 9.7 AI score · 0.63076 EPSS
In wild · Exploits 2 · References 4 · Affected Software 1

Cvelist
added 2024/05/01 3:31 p.m. · 41 views

CVE-2023-49606

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make ...

9.8 CVSS · 10 AI score · 0.63076 EPSS
Exploits 2 · References 2

Debian CVE
added 2024/05/01 3:31 p.m. · 22 views

CVE-2023-49606

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make ...

9.8 CVSS · 7.2 AI score · 0.63076 EPSS
Exploits 2

CVE
added 2024/05/01 3:31 p.m. · 7150 views

CVE-2023-40533

CVE-2023-40533 is a duplicate of CVE-2022-40468 and is not a separate active vulnerability entry. Connected advisories confirm Tinyproxy vulnerabilities affecting header handling and heap data leakage (notably CVE-2022-40468 and related issues) with remediation through updates to Tinyproxy. Debia...

6.3 AI score
Exploits 0

Debian CVE
added 2024/05/01 3:31 p.m. · 18 views

CVE-2023-40533

Removed by vendor...

5.5 AI score
Exploits 0

CNNVD
added 2024/05/01 12:00 a.m. · 12 views

Number withdrawn

Tinyproxy is a small, efficient HTTP/SSL proxy daemon from Tinyproxy Open Source. This CVE number has been withdrawn...

5.4 AI score
Exploits 0 · References 2

Talos
added 2024/05/01 12:00 a.m. · 33 views

Tinyproxy HTTP request parsing uninitialized memory vulnerability

Talos Vulnerability Report TALOS-2023-1902 Tinyproxy HTTP request parsing uninitialized memory vulnerability May 1, 2024 CVE Number CVE-2023-40533 SUMMARY An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 while parsing HTTP requests. In certain configurations, a specially craft...

2.6 CVSS · 7.7 AI score
Exploits 0

CNNVD
added 2024/05/01 12:00 a.m. · 4 views

Tinyproxy resource management error vulnerability

Tinyproxy is a lightweight HTTP/HTTPS proxy server that is primarily used to forward HTTP requests across a computer network. A memory misreference vulnerability exists in Tinyproxy HTTP header handling, which is caused by a use-after-free in HTTP connection header parsing. An attacker could...

9.8 CVSS · 7.7 AI score · 0.63076 EPSS
Exploits 2 · References 4

Positive Technologies
added 2024/05/01 12:00 a.m. · 3 views

PT-2024-12893 · Tinyproxy · Tinyproxy

Name of the Vulnerable Software and Affected Versions: Tinyproxy version 1.11.1 Description: An uninitialized memory use issue exists while parsing HTTP requests. In certain configurations, a specially crafted HTTP request can result in disclosure of data allocated on the heap, which could contai...

9.8 CVSS · 5.6 AI score · 0.63076 EPSS
Exploits 3 · References 21

Talos
added 2024/05/01 12:00 a.m. · 65 views

Tinyproxy HTTP Connection Headers use-after-free vulnerability

Talos Vulnerability Report TALOS-2023-1889 Tinyproxy HTTP Connection Headers use-after-free vulnerability May 1, 2024 CVE Number CVE-2023-49606 SUMMARY A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP...

9.8 CVSS · 10 AI score · 0.63076 EPSS
Exploits 2

Positive Technologies
added 2024/05/01 12:00 a.m. · 4 views

PT-2024-3314 · Tinyproxy +2 · Tinyproxy +2

Name of the Vulnerable Software and Affected Versions: Tinyproxy versions 1.10.0 through 1.11.1 Description: A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy. This vulnerability can be triggered by a specially crafted HTTP header, leading to memory...

10 CVSS · 6.5 AI score · 0.63076 EPSS
Exploits 3 · References 102

OpenVAS
added 2024/03/11 12:00 a.m. · 57 views

Tinyproxy <= 1.11.1 Information Disclosure Vulnerability

Tinyproxy is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:banu:tinyproxy"; i...

7.5 CVSS · 7.5 AI score · 0.01374 EPSS
Exploits 1 · References 5

The Hacker News
added 2023/12/14 6:30 a.m. · 62 views

New Hacker Group 'GambleForce' Targeting APAC Firms Using SQL Injection Attacks

A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least September 2023. "GambleForce uses a set of basic yet very effective techniques, including SQL injections and th...

5.3 CVSS · 6 AI score · 0.99827 EPSS
Exploits 43