Privoxy
Products
1- 29 CVEs
Recent CVEs
29| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1983 | Hig | 0.49 | 7.5 | 0.03 | Jan 27, 2016 | The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. | ||
| CVE-2016-1982 | Hig | 0.49 | 7.5 | 0.03 | Jan 27, 2016 | The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. | ||
| CVE-2013-2503 | 0.03 | — | 0.05 | Mar 11, 2013 | Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code. | |||
| CVE-2021-44543 | 0.00 | — | 0.01 | Dec 23, 2021 | An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself. | |||
| CVE-2021-44542 | 0.00 | — | 0.01 | Dec 23, 2021 | A memory leak vulnerability was found in Privoxy when handling errors. | |||
| CVE-2021-44541 | 0.00 | — | 0.01 | Dec 23, 2021 | A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination. | |||
| CVE-2021-44540 | 0.00 | — | 0.01 | Dec 23, 2021 | A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. | |||
| CVE-2021-20209 | 0.00 | — | 0.02 | May 25, 2021 | A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured. | |||
| CVE-2021-20217 | 0.00 | — | 0.01 | Mar 25, 2021 | A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability. | |||
| CVE-2021-20216 | 0.00 | — | 0.02 | Mar 25, 2021 | A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability. | |||
| CVE-2021-20215 | 0.00 | — | 0.02 | Mar 25, 2021 | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash. | |||
| CVE-2021-20214 | 0.00 | — | 0.02 | Mar 25, 2021 | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash. | |||
| CVE-2021-20213 | 0.00 | — | 0.02 | Mar 25, 2021 | A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed. | |||
| CVE-2021-20212 | 0.00 | — | 0.02 | Mar 25, 2021 | A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash. | |||
| CVE-2021-20211 | 0.00 | — | 0.02 | Mar 25, 2021 | A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash. | |||
| CVE-2021-20210 | 0.00 | — | 0.02 | Mar 25, 2021 | A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash. | |||
| CVE-2020-35502 | 0.00 | — | 0.02 | Mar 25, 2021 | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash. | |||
| CVE-2021-20276 | 0.00 | — | 0.02 | Mar 9, 2021 | A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service. | |||
| CVE-2021-20275 | 0.00 | — | 0.02 | Mar 9, 2021 | A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service. | |||
| CVE-2021-20274 | 0.00 | — | 0.02 | Mar 9, 2021 | A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves. |
- risk 0.49cvss 7.5epss 0.03
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
- risk 0.49cvss 7.5epss 0.03
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
- CVE-2013-2503Mar 11, 2013risk 0.03cvss —epss 0.05
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
- CVE-2021-44543Dec 23, 2021risk 0.00cvss —epss 0.01
An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.
- CVE-2021-44542Dec 23, 2021risk 0.00cvss —epss 0.01
A memory leak vulnerability was found in Privoxy when handling errors.
- CVE-2021-44541Dec 23, 2021risk 0.00cvss —epss 0.01
A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.
- CVE-2021-44540Dec 23, 2021risk 0.00cvss —epss 0.01
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.
- CVE-2021-20209May 25, 2021risk 0.00cvss —epss 0.02
A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured.
- CVE-2021-20217Mar 25, 2021risk 0.00cvss —epss 0.01
A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.
- CVE-2021-20216Mar 25, 2021risk 0.00cvss —epss 0.02
A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.
- CVE-2021-20215Mar 25, 2021risk 0.00cvss —epss 0.02
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.
- CVE-2021-20214Mar 25, 2021risk 0.00cvss —epss 0.02
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.
- CVE-2021-20213Mar 25, 2021risk 0.00cvss —epss 0.02
A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed.
- CVE-2021-20212Mar 25, 2021risk 0.00cvss —epss 0.02
A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash.
- CVE-2021-20211Mar 25, 2021risk 0.00cvss —epss 0.02
A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.
- CVE-2021-20210Mar 25, 2021risk 0.00cvss —epss 0.02
A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.
- CVE-2020-35502Mar 25, 2021risk 0.00cvss —epss 0.02
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.
- CVE-2021-20276Mar 9, 2021risk 0.00cvss —epss 0.02
A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.
- CVE-2021-20275Mar 9, 2021risk 0.00cvss —epss 0.02
A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.
- CVE-2021-20274Mar 9, 2021risk 0.00cvss —epss 0.02
A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.