Search CVE reports


Toggle filters

1 – 6 of 6 results


CVE-2023-49606

Medium priority

Some fixes available 1 of 5

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption...

1 affected package

tinyproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tinyproxy Vulnerable Vulnerable Vulnerable Not affected Not affected
Show less packages

CVE-2022-40468

Medium priority

Some fixes available 4 of 8

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.

1 affected package

tinyproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tinyproxy Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2017-11747

Medium priority

Some fixes available 3 of 5

main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root...

1 affected package

tinyproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tinyproxy Not affected Not affected Fixed Fixed
Show less packages

CVE-2012-3505

Medium priority

Some fixes available 1 of 10

Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket.

1 affected package

tinyproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tinyproxy
Show less packages

CVE-2011-1843

Medium priority
Ignored

Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers.

1 affected package

tinyproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tinyproxy
Show less packages

CVE-2011-1499

Medium priority

Some fixes available 2 of 5

acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging...

1 affected package

tinyproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
tinyproxy
Show less packages