Summary
| Detail | |||
|---|---|---|---|
| Vendor | Privoxy | First view | 2013-03-11 |
| Product | Privoxy | Last view | 2021-12-23 |
| Version | 3.0.19 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:privoxy:privoxy | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.1 | 2021-12-23 | CVE-2021-44543 | An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself. |
| 7.5 | 2021-12-23 | CVE-2021-44542 | A memory leak vulnerability was found in Privoxy when handling errors. |
| 7.5 | 2021-12-23 | CVE-2021-44541 | A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination. |
| 7.5 | 2021-12-23 | CVE-2021-44540 | A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. |
| 7.5 | 2021-05-25 | CVE-2021-20209 | A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured. |
| 7.5 | 2021-03-25 | CVE-2021-20217 | A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability. |
| 7.5 | 2021-03-25 | CVE-2021-20216 | A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability. |
| 7.5 | 2021-03-25 | CVE-2021-20215 | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash. |
| 7.5 | 2021-03-25 | CVE-2021-20214 | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash. |
| 7.5 | 2021-03-25 | CVE-2021-20213 | A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed. |
| 7.5 | 2021-03-25 | CVE-2021-20212 | A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash. |
| 7.5 | 2021-03-25 | CVE-2021-20211 | A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash. |
| 7.5 | 2021-03-25 | CVE-2021-20210 | A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash. |
| 7.5 | 2021-03-25 | CVE-2020-35502 | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash. |
| 7.5 | 2021-03-09 | CVE-2021-20276 | A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service. |
| 7.5 | 2021-03-09 | CVE-2021-20275 | A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service. |
| 7.5 | 2021-03-09 | CVE-2021-20274 | A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves. |
| 7.5 | 2021-03-09 | CVE-2021-20273 | A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off. |
| 7.5 | 2021-03-09 | CVE-2021-20272 | A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash. |
| 7.8 | 2020-01-24 | CVE-2019-3699 | UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions. |
| 7.5 | 2016-01-27 | CVE-2016-1983 | The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. |
| 7.5 | 2016-01-27 | CVE-2016-1982 | The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. |
| 7.5 | 2015-02-10 | CVE-2015-1031 | Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information. |
| 5 | 2015-02-03 | CVE-2015-1382 | parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. |
| 5 | 2015-02-03 | CVE-2015-1381 | Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (5) | CWE-20 | Improper Input Validation |
| 20% (2) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 20% (2) | CWE-399 | Resource Management Errors |
| 10% (1) | CWE-125 | Out-of-bounds Read |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-03-11 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2016-663.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2016-bc7acd24c6.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2016-29995fbd42.nasl - Type: ACT_GATHER_INFO |
| 2016-02-03 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-132.nasl - Type: ACT_GATHER_INFO |
| 2016-02-03 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-130.nasl - Type: ACT_GATHER_INFO |
| 2016-02-01 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3460.nasl - Type: ACT_GATHER_INFO |
| 2016-01-26 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_d9e1b569c3d811e5b5fe002590263bf5.nasl - Type: ACT_GATHER_INFO |
| 2016-01-26 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_ad82b0e9c3d611e5b5fe002590263bf5.nasl - Type: ACT_GATHER_INFO |
| 2016-01-26 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_a763a0e7c3d911e5b5fe002590263bf5.nasl - Type: ACT_GATHER_INFO |
| 2016-01-26 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_89d4ed09c3d711e5b5fe002590263bf5.nasl - Type: ACT_GATHER_INFO |
| 2016-01-25 | Name: The remote Debian host is missing a security update. File: debian_DLA-398.nasl - Type: ACT_GATHER_INFO |
| 2015-03-26 | Name: The remote Debian host is missing a security update. File: debian_DLA-142.nasl - Type: ACT_GATHER_INFO |
| 2015-02-25 | Name: The remote web proxy is affected by multiple denial of service vulnerabilities. File: privoxy_3_0_23.nasl - Type: ACT_GATHER_INFO |
| 2015-02-09 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-115.nasl - Type: ACT_GATHER_INFO |
| 2015-02-02 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3145.nasl - Type: ACT_GATHER_INFO |
| 2015-01-29 | Name: The remote web proxy is affected by multiple vulnerabilities. File: privoxy_3_0_22.nasl - Type: ACT_GATHER_INFO |
| 2015-01-21 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3133.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2013-242.nasl - Type: ACT_GATHER_INFO |
| 2013-04-12 | Name: The remote web proxy is affected by multiple information disclosure vulnerabi... File: privoxy_3_0_21.nasl - Type: ACT_GATHER_INFO |
| 2013-03-22 | Name: The remote Fedora host is missing a security update. File: fedora_2013-3753.nasl - Type: ACT_GATHER_INFO |
| 2013-03-22 | Name: The remote Fedora host is missing a security update. File: fedora_2013-3756.nasl - Type: ACT_GATHER_INFO |
