An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encoding the template name when Privoxy is configured to serve the user-manual itself.
Max CVSS
6.1
EPSS Score
0.08%
Published
2021-12-23
Updated
2021-12-29
A memory leak vulnerability was found in Privoxy when handling errors.
Max CVSS
7.5
EPSS Score
0.10%
Published
2021-12-23
Updated
2021-12-29
A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.
Max CVSS
7.5
EPSS Score
0.10%
Published
2021-12-23
Updated
2022-01-03
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.
Max CVSS
7.5
EPSS Score
0.10%
Published
2021-12-23
Updated
2022-01-06
A flaw was found in Privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.
Max CVSS
7.5
EPSS Score
0.15%
Published
2021-03-09
Updated
2022-08-05
A flaw was found in Privoxy before 3.0.32. An invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.
Max CVSS
7.5
EPSS Score
0.17%
Published
2021-03-09
Updated
2022-08-05
A flaw was found in Privoxy before 3.0.32. A crash may occur due to a NULL-pointer dereference when the socks server misbehaves.
Max CVSS
7.5
EPSS Score
0.18%
Published
2021-03-09
Updated
2021-12-14
A flaw was found in Privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.
Max CVSS
7.5
EPSS Score
0.32%
Published
2021-03-09
Updated
2021-12-08
A flaw was found in Privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.
Max CVSS
7.5
EPSS Score
0.82%
Published
2021-03-09
Updated
2021-12-07
A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.
Max CVSS
7.8
EPSS Score
0.11%
Published
2021-03-25
Updated
2021-12-14
A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.
Max CVSS
7.8
EPSS Score
0.23%
Published
2021-03-25
Updated
2022-08-05
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.
Max CVSS
7.8
EPSS Score
0.16%
Published
2021-03-25
Updated
2021-12-14
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.
Max CVSS
7.8
EPSS Score
0.16%
Published
2021-03-25
Updated
2021-12-14
A flaw was found in Privoxy in versions before 3.0.29. A NULL-pointer dereference could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header, and a memory allocation failed.
Max CVSS
7.5
EPSS Score
0.16%
Published
2021-03-25
Updated
2021-12-14
A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash.
Max CVSS
7.8
EPSS Score
0.18%
Published
2021-03-25
Updated
2021-12-14
A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.
Max CVSS
7.8
EPSS Score
0.18%
Published
2021-03-25
Updated
2021-12-14
A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.
Max CVSS
7.8
EPSS Score
0.18%
Published
2021-03-25
Updated
2021-12-10
A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured.
Max CVSS
7.5
EPSS Score
0.23%
Published
2021-05-25
Updated
2021-12-14
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.
Max CVSS
7.8
EPSS Score
0.18%
Published
2021-03-25
Updated
2021-12-10
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-01-24
Updated
2021-09-14
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
Max CVSS
7.5
EPSS Score
3.05%
Published
2016-01-27
Updated
2016-12-06
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
Max CVSS
7.5
EPSS Score
2.56%
Published
2016-01-27
Updated
2016-12-06
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
Max CVSS
5.0
EPSS Score
3.19%
Published
2015-02-03
Updated
2018-10-30
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.
Max CVSS
5.0
EPSS Score
6.61%
Published
2015-02-03
Updated
2018-10-30
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
Max CVSS
5.0
EPSS Score
1.85%
Published
2015-02-03
Updated
2018-10-30
29 vulnerabilities found