Privoxy
by Privoxy
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-20273 | | | 0.00 | — | 0.02 | | Mar 9, 2021 | A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off. |
| CVE-2021-20272 | | | 0.00 | — | 0.02 | | Mar 9, 2021 | A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash. |
| CVE-2019-3699 | | | 0.00 | — | 0.00 | | Jan 24, 2020 | UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE… |
| CVE-2015-1031 | | | 0.00 | — | 0.02 | | Feb 10, 2015 | Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these… |
| CVE-2015-1382 | | | 0.00 | — | 0.03 | | Feb 3, 2015 | parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. |
| CVE-2015-1381 | | | 0.00 | — | 0.03 | | Feb 3, 2015 | Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. |
| CVE-2015-1380 | | | 0.00 | — | 0.03 | | Feb 3, 2015 | jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. |
| CVE-2015-1201 | | | 0.00 | — | 0.01 | | Jan 20, 2015 | Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2015-1030 | | | 0.00 | — | 0.02 | | Jan 20, 2015 | Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached. |