Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP5 package tinyproxy, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2023-49606 — CVSS 9.8 (critical): A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted…
CVE-2022-40468 — CVSS 7.5 (high): Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit…
CVE-2017-11747 — CVSS 5.5 (medium): main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which…
CVE-2012-3505 — CVSS 5.0 (medium): Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of…
CVE-2023-40533: Rejected reason: This CVE ID is a duplicate of CVE-2022-40468