rpm package
opensuse/privoxy&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/privoxy&distro=openSUSE%20Tumbleweed
Vulnerabilities (19)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-44543 | — | < 3.0.33-1.1 | 3.0.33-1.1 | Dec 23, 2021 | An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself. | ||
| CVE-2021-44542 | — | < 3.0.33-1.1 | 3.0.33-1.1 | Dec 23, 2021 | A memory leak vulnerability was found in Privoxy when handling errors. | ||
| CVE-2021-44541 | — | < 3.0.33-1.1 | 3.0.33-1.1 | Dec 23, 2021 | A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination. | ||
| CVE-2021-44540 | — | < 3.0.33-1.1 | 3.0.33-1.1 | Dec 23, 2021 | A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. | ||
| CVE-2021-20217 | — | < 3.0.32-2.3 | 3.0.32-2.3 | Mar 25, 2021 | A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability. | ||
| CVE-2021-20216 | — | < 3.0.32-2.3 | 3.0.32-2.3 | Mar 25, 2021 | A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability. | ||
| CVE-2021-20276 | — | < 3.0.32-2.3 | 3.0.32-2.3 | Mar 9, 2021 | A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service. | ||
| CVE-2021-20275 | — | < 3.0.32-2.3 | 3.0.32-2.3 | Mar 9, 2021 | A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service. | ||
| CVE-2021-20274 | — | < 3.0.32-2.3 | 3.0.32-2.3 | Mar 9, 2021 | A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves. | ||
| CVE-2021-20273 | — | < 3.0.32-2.3 | 3.0.32-2.3 | Mar 9, 2021 | A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off. | ||
| CVE-2021-20272 | — | < 3.0.32-2.3 | 3.0.32-2.3 | Mar 9, 2021 | A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash. | ||
| CVE-2016-1983 | Hig | 7.5 | < 3.0.26-1.1 | 3.0.26-1.1 | Jan 27, 2016 | The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. | |
| CVE-2016-1982 | Hig | 7.5 | < 3.0.26-1.1 | 3.0.26-1.1 | Jan 27, 2016 | The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. | |
| CVE-2015-1031 | — | < 3.0.26-1.1 | 3.0.26-1.1 | Feb 10, 2015 | Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these deta | ||
| CVE-2015-1382 | — | < 3.0.26-1.1 | 3.0.26-1.1 | Feb 3, 2015 | parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. | ||
| CVE-2015-1381 | — | < 3.0.26-1.1 | 3.0.26-1.1 | Feb 3, 2015 | Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. | ||
| CVE-2015-1380 | — | < 3.0.26-1.1 | 3.0.26-1.1 | Feb 3, 2015 | jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. | ||
| CVE-2015-1201 | — | < 3.0.26-1.1 | 3.0.26-1.1 | Jan 20, 2015 | Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||
| CVE-2015-1030 | — | < 3.0.26-1.1 | 3.0.26-1.1 | Jan 20, 2015 | Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached. |
- CVE-2021-44543Dec 23, 2021affected < 3.0.33-1.1fixed 3.0.33-1.1
An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.
- CVE-2021-44542Dec 23, 2021affected < 3.0.33-1.1fixed 3.0.33-1.1
A memory leak vulnerability was found in Privoxy when handling errors.
- CVE-2021-44541Dec 23, 2021affected < 3.0.33-1.1fixed 3.0.33-1.1
A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.
- CVE-2021-44540Dec 23, 2021affected < 3.0.33-1.1fixed 3.0.33-1.1
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.
- CVE-2021-20217Mar 25, 2021affected < 3.0.32-2.3fixed 3.0.32-2.3
A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.
- CVE-2021-20216Mar 25, 2021affected < 3.0.32-2.3fixed 3.0.32-2.3
A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.
- CVE-2021-20276Mar 9, 2021affected < 3.0.32-2.3fixed 3.0.32-2.3
A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.
- CVE-2021-20275Mar 9, 2021affected < 3.0.32-2.3fixed 3.0.32-2.3
A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.
- CVE-2021-20274Mar 9, 2021affected < 3.0.32-2.3fixed 3.0.32-2.3
A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.
- CVE-2021-20273Mar 9, 2021affected < 3.0.32-2.3fixed 3.0.32-2.3
A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.
- CVE-2021-20272Mar 9, 2021affected < 3.0.32-2.3fixed 3.0.32-2.3
A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.
- affected < 3.0.26-1.1fixed 3.0.26-1.1
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
- affected < 3.0.26-1.1fixed 3.0.26-1.1
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
- CVE-2015-1031Feb 10, 2015affected < 3.0.26-1.1fixed 3.0.26-1.1
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these deta
- CVE-2015-1382Feb 3, 2015affected < 3.0.26-1.1fixed 3.0.26-1.1
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
- CVE-2015-1381Feb 3, 2015affected < 3.0.26-1.1fixed 3.0.26-1.1
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.
- CVE-2015-1380Feb 3, 2015affected < 3.0.26-1.1fixed 3.0.26-1.1
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
- CVE-2015-1201Jan 20, 2015affected < 3.0.26-1.1fixed 3.0.26-1.1
Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2015-1030Jan 20, 2015affected < 3.0.26-1.1fixed 3.0.26-1.1
Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.