VYPR

rpm package

opensuse/privoxy&distro=openSUSE Leap 15.2

pkg:rpm/opensuse/privoxy&distro=openSUSE%20Leap%2015.2

Vulnerabilities (11)

  • CVE-2021-44543Dec 23, 2021
    affected < 3.0.33-bp153.2.3.1fixed 3.0.33-bp153.2.3.1

    An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.

  • CVE-2021-44542Dec 23, 2021
    affected < 3.0.33-bp153.2.3.1fixed 3.0.33-bp153.2.3.1

    A memory leak vulnerability was found in Privoxy when handling errors.

  • CVE-2021-44541Dec 23, 2021
    affected < 3.0.33-bp153.2.3.1fixed 3.0.33-bp153.2.3.1

    A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.

  • CVE-2021-44540Dec 23, 2021
    affected < 3.0.33-bp153.2.3.1fixed 3.0.33-bp153.2.3.1

    A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.

  • CVE-2021-20217Mar 25, 2021
    affected < 3.0.31-lp152.3.6.1fixed 3.0.31-lp152.3.6.1

    A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.

  • CVE-2021-20216Mar 25, 2021
    affected < 3.0.31-lp152.3.6.1fixed 3.0.31-lp152.3.6.1

    A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.

  • CVE-2021-20276Mar 9, 2021
    affected < 3.0.32-lp152.3.9.1fixed 3.0.32-lp152.3.9.1

    A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.

  • CVE-2021-20275Mar 9, 2021
    affected < 3.0.32-lp152.3.9.1fixed 3.0.32-lp152.3.9.1

    A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.

  • CVE-2021-20274Mar 9, 2021
    affected < 3.0.32-lp152.3.9.1fixed 3.0.32-lp152.3.9.1

    A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.

  • CVE-2021-20273Mar 9, 2021
    affected < 3.0.32-lp152.3.9.1fixed 3.0.32-lp152.3.9.1

    A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.

  • CVE-2021-20272Mar 9, 2021
    affected < 3.0.32-lp152.3.9.1fixed 3.0.32-lp152.3.9.1

    A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.