CVEdetails.com the ultimate security vulnerability data source

Privoxy » Privoxy » * * * * : Security Vulnerabilities

CPE Name: cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*
# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

1 | CVE-2021-44543 | 79 | | XSS | 2021-12-23 | 2021-12-29 | 2.6 | None | Remote | High | Not required | None | Partial | None
An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encoding the template name when Privoxy is configured to serve the user-manual itself.

2 | CVE-2021-44542 | 401 | | | 2021-12-23 | 2021-12-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial
A memory leak vulnerability was found in Privoxy when handling errors.

3 | CVE-2021-44541 | 401 | | | 2021-12-23 | 2022-01-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial
A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.

4 | CVE-2021-44540 | 401 | | | 2021-12-23 | 2022-01-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.

5 | CVE-2021-20276 | 119 | | DoS Overflow | 2021-03-09 | 2021-12-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial
A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.

6 | CVE-2021-20275 | 119 | | DoS Overflow | 2021-03-09 | 2021-12-14 | 5.0 | None | Remote | Low | Not required | None | None | Partial
A flaw was found in privoxy before 3.0.32. An invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.

7 | CVE-2021-20274 | 476 | | | 2021-03-09 | 2021-12-14 | 5.0 | None | Remote | Low | Not required | None | None | Partial
A flaw was found in privoxy before 3.0.32. A crash may occur due to a NULL-pointer dereference when the socks server misbehaves.

8 | CVE-2021-20273 | 20 | | | 2021-03-09 | 2021-12-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial
A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.

9 | CVE-2021-20272 | 617 | | | 2021-03-09 | 2021-12-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial
A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.

10 | CVE-2021-20217 | 617 | | DoS | 2021-03-25 | 2021-12-14 | 7.8 | None | Remote | Low | Not required | None | None | Complete
A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.

11 | CVE-2021-20216 | 400 | | DoS | 2021-03-25 | 2021-12-14 | 7.8 | None | Remote | Low | Not required | None | None | Complete
A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.

12 | CVE-2021-20215 | 401 | | | 2021-03-25 | 2021-12-14 | 7.8 | None | Remote | Low | Not required | None | None | Complete
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.

13 | CVE-2021-20214 | 401 | | | 2021-03-25 | 2021-12-14 | 7.8 | None | Remote | Low | Not required | None | None | Complete
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.

14 | CVE-2021-20213 | 476 | | | 2021-03-25 | 2021-12-14 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
A flaw was found in Privoxy in versions before 3.0.29. A NULL-pointer dereference could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header, and a memory allocation failed.

15 | CVE-2021-20212 | 401 | | | 2021-03-25 | 2021-12-14 | 7.8 | None | Remote | Low | Not required | None | None | Complete
A flaw was found in Privoxy in versions before 3.0.29. A memory leak occurs if multiple filters are executed and the last one is skipped due to a pcre error, leading to a system crash.

16 | CVE-2021-20211 | 401 | | | 2021-03-25 | 2021-12-14 | 7.8 | None | Remote | Low | Not required | None | None | Complete
A flaw was found in Privoxy in versions before 3.0.29. A memory leak when client tags are active can cause a system crash.

17 | CVE-2021-20210 | 401 | | | 2021-03-25 | 2021-12-10 | 7.8 | None | Remote | Low | Not required | None | None | Complete
A flaw was found in Privoxy in versions before 3.0.29. A memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.

18 | CVE-2021-20209 | 401 | | | 2021-05-25 | 2021-12-14 | 5.0 | None | Remote | Low | Not required | None | None | Partial
A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured.

19 | CVE-2020-35502 | 401 | | | 2021-03-25 | 2021-12-10 | 7.8 | None | Remote | Low | Not required | None | None | Complete
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.

20 | CVE-2016-1983 | 20 | | DoS | 2016-01-27 | 2016-12-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.

21 | CVE-2016-1982 | 20 | | DoS | 2016-01-27 | 2016-12-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.

22 | CVE-2015-1382 | 20 | | DoS | 2015-02-03 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.

23 | CVE-2015-1381 | 399 | | DoS | 2015-02-03 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.

24 | CVE-2015-1380 | 20 | | DoS | 2015-02-03 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.

25 | CVE-2015-1201 | | | DoS | 2015-01-20 | 2015-01-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

26 | CVE-2015-1031 | | | | 2015-02-10 | 2015-03-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information.

27 | CVE-2015-1030 | 399 | | DoS | 2015-01-20 | 2015-02-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.
Total number of vulnerabilities: 27
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.