Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606 | allinfosecnews.com

May 8, 2024, 9:19 a.m. | Pierluigi Paganini

Security Affairs securityaffairs.co

A critical Remote Code Execution vulnerability in the Tinyproxy service potentially impacted 50,000 Internet-Exposing hosts. Researchers from Cisco Talos reported a use-after-free vulnerability in the HTTP Connection Headers parsing of Tinyproxy 1.11.1 and Tinyproxy 1.10.0. The issue is tracked as CVE-2023-49606 and received a CVSS score of 9.8. The exploitation of the issue can potentially lead […]

breaking news cisco cisco talos code code execution critical cve cvss cvss score exploitation exposing flaw free hacking headers http information security news internet issue it information security parsing pierluigi paganini remote code remote code execution researchers score security service talos tinyproxy use-after-free vulnerability vulnerable

More from securityaffairs.co / Security Affairs

Healthcare firm WebTPA data breach impacted 2.5 million individuals 4 hours ago | securityaffairs.co

administrator breach breaking news cyber crime +16

Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION 5 hours ago | securityaffairs.co

articles box breaking news cybercrime +20

North Korea-linked Kimsuky used a new Linux backdoor in recent attacks 7 hours ago | securityaffairs.co

apt attacks backdoor campaign +18

North Korea-linked IT workers infiltrated hundreds of US firms 1 day, 3 hours ago | securityaffairs.co

arizona breaking news charged charges +15

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs 1 day, 20 hours ago | securityaffairs.co

apt backdoor backdoors breach +18

City of Wichita disclosed a data breach after the recent ransomware attack 2 days, 5 hours ago | securityaffairs.co

attack breach breaking news city +19

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog 2 days, 8 hours ago | securityaffairs.co

agency binding operational directive bod breaking news +24

CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog 2 days, 9 hours ago | securityaffairs.co

agency breaking news catalog chrome +35

North Korea-linked Kimsuky APT attack targets victims via Messenger 2 days, 11 hours ago | securityaffairs.co

accounts agency amp analysis +32

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Senior Security Analyst

@ Oracle | United States

View on infosec-jobs.com

Associate Vulnerability Management Specialist

@ Diebold Nixdorf | Hyderabad, Telangana, India

View on infosec-jobs.com

Cybersecurity Architect, Infrastructure & Technical Security

@ KCB Group | Kenya

View on infosec-jobs.com