Tinyproxy HTTP Connection Headers Use After Free Vulnerability (CVE-2023-49606)

A significant unpatched vulnerability in the HTTP/HTTPS proxy tool exposes¬†more than 50,000 Tinyproxy service hosts on the internet. Tracked as CVE-2023-49606, the vulnerability has a critical severity rating with a CVSS score of 9.8. This is a use-after-free vulnerability in the HTTP Connection Headers parsing in Tinyproxy. A specially crafted HTTP header can trigger the … Continue reading “Tinyproxy HTTP Connection Headers Use After Free Vulnerability (CVE-2023-49606)”

Google Chrome Zero-Day Use-After-Free Vulnerability (CVE-2021-30554)

The seventh zero-day of Google Chrome was talk of the town in mid-June 2021, two weeks after the sixth zero-day was observed in the wild. The earlier six zero-days were: CVE-2021-21148 – February 4th, 2021 CVE-2021-21166 – March 2nd, 2021 CVE-2021-21193 – March 12th, 2021 CVE-2021-21220 – April 13th, 2021 CVE-2021-21224 – April 20th, 2021 … Continue reading “Google Chrome Zero-Day Use-After-Free Vulnerability (CVE-2021-30554)”