Vulnerabilites related to privoxy - privoxy
cve-2021-44542
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A memory leak vulnerability was found in Privoxy when handling errors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C | x_refsource_MISC | |
| https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c48d1d6d08 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.827Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c48d1d6d08", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Privoxy", vendor: "n/a", versions: [ { status: "affected", version: "Privoxy 3.0.33", }, ], }, ], descriptions: [ { lang: "en", value: "A memory leak vulnerability was found in Privoxy when handling errors.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-23T19:48:43", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C", }, { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c48d1d6d08", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-44542", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Privoxy", version: { version_data: [ { version_value: "Privoxy 3.0.33", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A memory leak vulnerability was found in Privoxy when handling errors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-401", }, ], }, ], }, references: { reference_data: [ { name: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,", refsource: "MISC", url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,", }, { name: "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08", refsource: "MISC", url: "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-44542", datePublished: "2021-12-23T19:48:43", dateReserved: "2021-12-03T00:00:00", dateUpdated: "2024-08-04T04:25:16.827Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44541
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C | x_refsource_MISC | |
| https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.504Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Privoxy", vendor: "n/a", versions: [ { status: "affected", version: "Privoxy 3.0.33", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-23T19:48:42", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C", }, { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-44541", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Privoxy", version: { version_data: [ { version_value: "Privoxy 3.0.33", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-401", }, ], }, ], }, references: { reference_data: [ { name: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,", refsource: "MISC", url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,", }, { name: "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb0", refsource: "MISC", url: "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb0", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-44541", datePublished: "2021-12-23T19:48:42", dateReserved: "2021-12-03T00:00:00", dateUpdated: "2024-08-04T04:25:16.504Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20211
Vulnerability from cvelistv5
Published
2021-03-25 18:57
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1928733 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.596Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928733", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "privoxy", vendor: "n/a", versions: [ { status: "affected", version: "Privoxy 3.0.29", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-08T06:06:56", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928733", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-20211", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "privoxy", version: { version_data: [ { version_value: "Privoxy 3.0.29", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-401", }, ], }, ], }, references: { reference_data: [ { name: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", refsource: "MISC", url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1928733", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928733", }, { name: "GLSA-202107-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-16", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20211", datePublished: "2021-03-25T18:57:08", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.596Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20213
Vulnerability from cvelistv5
Published
2021-03-25 18:57
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1928739 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.645Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928739", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "privoxy", vendor: "n/a", versions: [ { status: "affected", version: "Privoxy 3.0.29", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-08T06:06:49", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928739", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-20213", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "privoxy", version: { version_data: [ { version_value: "Privoxy 3.0.29", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476", }, ], }, ], }, references: { reference_data: [ { name: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", refsource: "MISC", url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1928739", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928739", }, { name: "GLSA-202107-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-16", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20213", datePublished: "2021-03-25T18:57:26", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.645Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1983
Vulnerability from cvelistv5
Published
2016-01-27 20:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2016/dsa-3460 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2016/01/22/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/01/21/4 | mailing-list, x_refsource_MLIST | |
| http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303 | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html | vendor-advisory, x_refsource_FEDORA | |
| http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.privoxy.org/announce.txt | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:17:49.920Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-3460", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3460", }, { name: "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/01/22/3", }, { name: "[oss-security] 20160121 CVE request for Privoxy 3.0.24", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/01/21/4", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303", }, { name: "FEDORA-2016-bc7acd24c6", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html", }, { name: "FEDORA-2016-29995fbd42", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.privoxy.org/announce.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-21T00:00:00", descriptions: [ { lang: "en", value: "The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-02T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "DSA-3460", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3460", }, { name: "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/01/22/3", }, { name: "[oss-security] 20160121 CVE request for Privoxy 3.0.24", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/01/21/4", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303", }, { name: "FEDORA-2016-bc7acd24c6", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html", }, { name: "FEDORA-2016-29995fbd42", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.privoxy.org/announce.txt", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-1983", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-3460", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3460", }, { name: "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/01/22/3", }, { name: "[oss-security] 20160121 CVE request for Privoxy 3.0.24", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/01/21/4", }, { name: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303", refsource: "CONFIRM", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303", }, { name: "FEDORA-2016-bc7acd24c6", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html", }, { name: "FEDORA-2016-29995fbd42", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html", }, { name: "http://www.privoxy.org/announce.txt", refsource: "CONFIRM", url: "http://www.privoxy.org/announce.txt", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-1983", datePublished: "2016-01-27T20:00:00", dateReserved: "2016-01-21T00:00:00", dateUpdated: "2024-08-05T23:17:49.920Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-1030
Vulnerability from cvelistv5
Published
2015-01-20 15:00
Modified
2024-08-06 04:33
Severity ?
EPSS score ?
Summary
Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/62123 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2015/01/11/1 | mailing-list, x_refsource_MLIST | |
| http://www.privoxy.org/announce.txt | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:33:19.230Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "62123", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62123", }, { name: "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/01/11/1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.privoxy.org/announce.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-01-07T00:00:00", descriptions: [ { lang: "en", value: "Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2015-01-20T14:57:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "62123", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62123", }, { name: "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/01/11/1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.privoxy.org/announce.txt", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-1030", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "62123", refsource: "SECUNIA", url: "http://secunia.com/advisories/62123", }, { name: "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/01/11/1", }, { name: "http://www.privoxy.org/announce.txt", refsource: "CONFIRM", url: "http://www.privoxy.org/announce.txt", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-1030", datePublished: "2015-01-20T15:00:00", dateReserved: "2015-01-10T00:00:00", dateUpdated: "2024-08-06T04:33:19.230Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20209
Vulnerability from cvelistv5
Published
2021-05-25 19:34
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | x_refsource_MISC | |
| https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c62254a686 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1928726 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.426Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c62254a686", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928726", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "privoxy", vendor: "n/a", versions: [ { status: "affected", version: "before 3.0.29", }, ], }, ], descriptions: [ { lang: "en", value: "A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-08T06:06:43", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c62254a686", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928726", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-20209", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "privoxy", version: { version_data: [ { version_value: "before 3.0.29", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-401", }, ], }, ], }, references: { reference_data: [ { name: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", refsource: "MISC", url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { name: "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c62254a686", refsource: "MISC", url: "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c62254a686", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1928726", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928726", }, { name: "GLSA-202107-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-16", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20209", datePublished: "2021-05-25T19:34:09", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.426Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20274
Vulnerability from cvelistv5
Published
2021-03-09 13:11
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/announce.txt | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1936662 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:37:23.763Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/announce.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936662", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "privoxy", vendor: "n/a", versions: [ { status: "affected", version: "privoxy 3.0.32", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-08T06:06:58", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/announce.txt", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936662", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-20274", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "privoxy", version: { version_data: [ { version_value: "privoxy 3.0.32", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476", }, ], }, ], }, references: { reference_data: [ { name: "https://www.privoxy.org/announce.txt", refsource: "MISC", url: "https://www.privoxy.org/announce.txt", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1936662", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936662", }, { name: "GLSA-202107-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-16", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20274", datePublished: "2021-03-09T13:11:46", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:37:23.763Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-1031
Vulnerability from cvelistv5
Published
2015-02-10 19:00
Modified
2024-08-06 04:33
Severity ?
EPSS score ?
Summary
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2015/dsa-3133 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/62123 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2015/01/11/1 | mailing-list, x_refsource_MLIST | |
| http://www.privoxy.org/announce.txt | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:33:19.316Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-3133", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3133", }, { name: "62123", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62123", }, { name: "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/01/11/1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.privoxy.org/announce.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-01-07T00:00:00", descriptions: [ { lang: "en", value: "Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) \"two additional unconfirmed use-after-free complaints made by Coverity scan.\" NOTE: some of these details are obtained from third party information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2015-02-19T13:57:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "DSA-3133", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3133", }, { name: "62123", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62123", }, { name: "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/01/11/1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.privoxy.org/announce.txt", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-1031", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) \"two additional unconfirmed use-after-free complaints made by Coverity scan.\" NOTE: some of these details are obtained from third party information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-3133", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3133", }, { name: "62123", refsource: "SECUNIA", url: "http://secunia.com/advisories/62123", }, { name: "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/01/11/1", }, { name: "http://www.privoxy.org/announce.txt", refsource: "CONFIRM", url: "http://www.privoxy.org/announce.txt", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-1031", datePublished: "2015-02-10T19:00:00", dateReserved: "2015-01-10T00:00:00", dateUpdated: "2024-08-06T04:33:19.316Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20217
Vulnerability from cvelistv5
Published
2021-03-25 18:57
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1923252 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.475Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1923252", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "privoxy", vendor: "n/a", versions: [ { status: "affected", version: "privoxy 3.0.31", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-617", description: "CWE-617", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-08T06:07:05", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1923252", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-20217", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "privoxy", version: { version_data: [ { version_value: "privoxy 3.0.31", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-617", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1923252", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1923252", }, { name: "GLSA-202107-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-16", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20217", datePublished: "2021-03-25T18:57:55", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.475Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20212
Vulnerability from cvelistv5
Published
2021-03-25 18:57
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1928736 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.442Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928736", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "privoxy", vendor: "n/a", versions: [ { status: "affected", version: "Privoxy 3.0.29", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-08T06:06:41", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928736", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-20212", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "privoxy", version: { version_data: [ { version_value: "Privoxy 3.0.29", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-401", }, ], }, ], }, references: { reference_data: [ { name: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", refsource: "MISC", url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1928736", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928736", }, { name: "GLSA-202107-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-16", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20212", datePublished: "2021-03-25T18:57:16", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.442Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44543
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C | x_refsource_MISC | |
| https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=0e668e9409c | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.806Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=0e668e9409c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "privoxy", vendor: "n/a", versions: [ { status: "affected", version: "Privoxy 3.0.33", }, ], }, ], descriptions: [ { lang: "en", value: "An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-23T19:48:44", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C", }, { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=0e668e9409c", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-44543", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "privoxy", version: { version_data: [ { version_value: "Privoxy 3.0.33", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79", }, ], }, ], }, references: { reference_data: [ { name: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,", refsource: "MISC", url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,", }, { name: "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0e668e9409c", refsource: "MISC", url: "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0e668e9409c", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-44543", datePublished: "2021-12-23T19:48:44", dateReserved: "2021-12-03T00:00:00", dateUpdated: "2024-08-04T04:25:16.806Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20214
Vulnerability from cvelistv5
Published
2021-03-25 18:57
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1928742 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.500Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928742", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "privoxy", vendor: "n/a", versions: [ { status: "affected", version: "Privoxy 3.0.29", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-08T06:06:36", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928742", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-20214", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "privoxy", version: { version_data: [ { version_value: "Privoxy 3.0.29", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-401", }, ], }, ], }, references: { reference_data: [ { name: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", refsource: "MISC", url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1928742", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928742", }, { name: "GLSA-202107-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-16", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20214", datePublished: "2021-03-25T18:57:34", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.500Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-1201
Vulnerability from cvelistv5
Published
2015-01-20 15:00
Modified
2024-09-16 19:40
Severity ?
EPSS score ?
Summary
Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/62123 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:33:20.822Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "62123", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62123", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2015-01-20T15:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "62123", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62123", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-1201", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "62123", refsource: "SECUNIA", url: "http://secunia.com/advisories/62123", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-1201", datePublished: "2015-01-20T15:00:00Z", dateReserved: "2015-01-20T00:00:00Z", dateUpdated: "2024-09-16T19:40:41.345Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20210
Vulnerability from cvelistv5
Published
2021-03-25 18:57
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1928729 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.406Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928729", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "privoxy", vendor: "n/a", versions: [ { status: "affected", version: "Privoxy 3.0.29", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-08T06:06:54", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928729", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-20210", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "privoxy", version: { version_data: [ { version_value: "Privoxy 3.0.29", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-401", }, ], }, ], }, references: { reference_data: [ { name: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", refsource: "MISC", url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1928729", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928729", }, { name: "GLSA-202107-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-16", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20210", datePublished: "2021-03-25T18:57:02", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.406Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1982
Vulnerability from cvelistv5
Published
2016-01-27 20:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2016/dsa-3460 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2016/01/22/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/01/21/4 | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html | vendor-advisory, x_refsource_FEDORA | |
| http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.privoxy.org/announce.txt | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:17:50.331Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-3460", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3460", }, { name: "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/01/22/3", }, { name: "[oss-security] 20160121 CVE request for Privoxy 3.0.24", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/01/21/4", }, { name: "FEDORA-2016-bc7acd24c6", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html", }, { name: "FEDORA-2016-29995fbd42", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.privoxy.org/announce.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-21T00:00:00", descriptions: [ { lang: "en", value: "The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-02T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "DSA-3460", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3460", }, { name: "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/01/22/3", }, { name: "[oss-security] 20160121 CVE request for Privoxy 3.0.24", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/01/21/4", }, { name: "FEDORA-2016-bc7acd24c6", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html", }, { name: "FEDORA-2016-29995fbd42", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.privoxy.org/announce.txt", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-1982", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-3460", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3460", }, { name: "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/01/22/3", }, { name: "[oss-security] 20160121 CVE request for Privoxy 3.0.24", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/01/21/4", }, { name: "FEDORA-2016-bc7acd24c6", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html", }, { name: "FEDORA-2016-29995fbd42", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html", }, { name: "http://www.privoxy.org/announce.txt", refsource: "CONFIRM", url: "http://www.privoxy.org/announce.txt", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-1982", datePublished: "2016-01-27T20:00:00", dateReserved: "2016-01-21T00:00:00", dateUpdated: "2024-08-05T23:17:50.331Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20275
Vulnerability from cvelistv5
Published
2021-03-09 13:12
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/announce.txt | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1936666 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:37:23.667Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/announce.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936666", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "privoxy", vendor: "n/a", versions: [ { status: "affected", version: "privoxy 3.0.32", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-08T06:07:03", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/announce.txt", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936666", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-20275", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "privoxy", version: { version_data: [ { version_value: "privoxy 3.0.32", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-119", }, ], }, ], }, references: { reference_data: [ { name: "https://www.privoxy.org/announce.txt", refsource: "MISC", url: "https://www.privoxy.org/announce.txt", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1936666", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936666", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { name: "GLSA-202107-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-16", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20275", datePublished: "2021-03-09T13:12:05", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:37:23.667Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-2503
Vulnerability from cvelistv5
Published
2013-03-11 17:00
Modified
2024-08-06 15:44
Severity ?
EPSS score ?
Summary
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/ | x_refsource_MISC | |
| http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2013-03/msg00118.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:44:32.095Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup", }, { name: "openSUSE-SU-2013:0564", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00118.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-03-07T00:00:00", descriptions: [ { lang: "en", value: "Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-04-11T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup", }, { name: "openSUSE-SU-2013:0564", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00118.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-2503", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/", refsource: "MISC", url: "http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/", }, { name: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup", refsource: "CONFIRM", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup", }, { name: "openSUSE-SU-2013:0564", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00118.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-2503", datePublished: "2013-03-11T17:00:00", dateReserved: "2013-03-07T00:00:00", dateUpdated: "2024-08-06T15:44:32.095Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20276
Vulnerability from cvelistv5
Published
2021-03-09 13:12
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/announce.txt | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1936668 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:37:23.654Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/announce.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936668", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "privoxy", vendor: "n/a", versions: [ { status: "affected", version: "privoxy 3.0.32", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-08T06:06:47", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/announce.txt", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936668", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-20276", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "privoxy", version: { version_data: [ { version_value: "privoxy 3.0.32", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-119", }, ], }, ], }, references: { reference_data: [ { name: "https://www.privoxy.org/announce.txt", refsource: "MISC", url: "https://www.privoxy.org/announce.txt", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1936668", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936668", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { name: "GLSA-202107-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-16", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20276", datePublished: "2021-03-09T13:12:35", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:37:23.654Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-1382
Vulnerability from cvelistv5
Published
2015-02-03 16:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/01/26/4 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/62899 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2015/dsa-3145 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/62775 | third-party-advisory, x_refsource_SECUNIA | |
| http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/01/27/20 | mailing-list, x_refsource_MLIST | |
| http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:40:18.667Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20150126 CVE request for Privoxy", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/01/26/4", }, { name: "62899", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62899", }, { name: "DSA-3145", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3145", }, { name: "62775", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62775", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", }, { name: "[oss-security] 20150127 Re: CVE request for Privoxy", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/01/27/20", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298", }, { name: "openSUSE-SU-2015:0230", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-01-24T00:00:00", descriptions: [ { lang: "en", value: "parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2015-02-12T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20150126 CVE request for Privoxy", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/01/26/4", }, { name: "62899", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62899", }, { name: "DSA-3145", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3145", }, { name: "62775", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62775", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", }, { name: "[oss-security] 20150127 Re: CVE request for Privoxy", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/01/27/20", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298", }, { name: "openSUSE-SU-2015:0230", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-1382", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20150126 CVE request for Privoxy", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/01/26/4", }, { name: "62899", refsource: "SECUNIA", url: "http://secunia.com/advisories/62899", }, { name: "DSA-3145", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3145", }, { name: "62775", refsource: "SECUNIA", url: "http://secunia.com/advisories/62775", }, { name: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", refsource: "CONFIRM", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", }, { name: "[oss-security] 20150127 Re: CVE request for Privoxy", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/01/27/20", }, { name: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298", refsource: "CONFIRM", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298", }, { name: "openSUSE-SU-2015:0230", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-1382", datePublished: "2015-02-03T16:00:00", dateReserved: "2015-01-27T00:00:00", dateUpdated: "2024-08-06T04:40:18.667Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-1381
Vulnerability from cvelistv5
Published
2015-02-03 16:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/01/26/4 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/62899 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2015/dsa-3145 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/62775 | third-party-advisory, x_refsource_SECUNIA | |
| http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup | x_refsource_CONFIRM | |
| http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/01/27/20 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:40:18.584Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20150126 CVE request for Privoxy", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/01/26/4", }, { name: "62899", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62899", }, { name: "DSA-3145", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3145", }, { name: "62775", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62775", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47", }, { name: "[oss-security] 20150127 Re: CVE request for Privoxy", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/01/27/20", }, { name: "openSUSE-SU-2015:0230", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-01-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2015-02-12T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20150126 CVE request for Privoxy", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/01/26/4", }, { name: "62899", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62899", }, { name: "DSA-3145", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3145", }, { name: "62775", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62775", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47", }, { name: "[oss-security] 20150127 Re: CVE request for Privoxy", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/01/27/20", }, { name: "openSUSE-SU-2015:0230", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-1381", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20150126 CVE request for Privoxy", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/01/26/4", }, { name: "62899", refsource: "SECUNIA", url: "http://secunia.com/advisories/62899", }, { name: "DSA-3145", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3145", }, { name: "62775", refsource: "SECUNIA", url: "http://secunia.com/advisories/62775", }, { name: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", refsource: "CONFIRM", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", }, { name: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47", refsource: "CONFIRM", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47", }, { name: "[oss-security] 20150127 Re: CVE request for Privoxy", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/01/27/20", }, { name: "openSUSE-SU-2015:0230", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-1381", datePublished: "2015-02-03T16:00:00", dateReserved: "2015-01-27T00:00:00", dateUpdated: "2024-08-06T04:40:18.584Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44540
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C | x_refsource_MISC | |
| https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.799Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Privoxy", vendor: "n/a", versions: [ { status: "affected", version: "Privoxy 3.0.33", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-23T19:48:42", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C", }, { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-44540", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Privoxy", version: { version_data: [ { version_value: "Privoxy 3.0.33", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-401", }, ], }, ], }, references: { reference_data: [ { name: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,", refsource: "MISC", url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,", }, { name: "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb0", refsource: "MISC", url: "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb0", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-44540", datePublished: "2021-12-23T19:48:42", dateReserved: "2021-12-03T00:00:00", dateUpdated: "2024-08-04T04:25:16.799Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20273
Vulnerability from cvelistv5
Published
2021-03-09 13:11
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/announce.txt | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1936658 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:37:23.083Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/announce.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936658", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "privoxy", vendor: "n/a", versions: [ { status: "affected", version: "privoxy 3.0.32", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-08T06:07:07", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/announce.txt", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936658", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-20273", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "privoxy", version: { version_data: [ { version_value: "privoxy 3.0.32", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "https://www.privoxy.org/announce.txt", refsource: "MISC", url: "https://www.privoxy.org/announce.txt", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1936658", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936658", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { name: "GLSA-202107-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-16", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20273", datePublished: "2021-03-09T13:11:17", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:37:23.083Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35502
Vulnerability from cvelistv5
Published
2021-03-25 18:56
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1928749 | x_refsource_MISC | |
| https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:02:08.124Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928749", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "privoxy", vendor: "n/a", versions: [ { status: "affected", version: "Privoxy 3.0.29", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-08T06:06:51", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928749", }, { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-35502", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "privoxy", version: { version_data: [ { version_value: "Privoxy 3.0.29", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-401", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1928749", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928749", }, { name: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", refsource: "MISC", url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { name: "GLSA-202107-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-16", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-35502", datePublished: "2021-03-25T18:56:55", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-04T17:02:08.124Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20272
Vulnerability from cvelistv5
Published
2021-03-09 13:10
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1936651 | x_refsource_MISC | |
| https://www.privoxy.org/announce.txt | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:37:23.604Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936651", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/announce.txt", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "privoxy", vendor: "n/a", versions: [ { status: "affected", version: "privoxy 3.0.32", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-617", description: "CWE-617", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-08T06:06:45", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936651", }, { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/announce.txt", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-20272", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "privoxy", version: { version_data: [ { version_value: "privoxy 3.0.32", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-617", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1936651", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936651", }, { name: "https://www.privoxy.org/announce.txt", refsource: "MISC", url: "https://www.privoxy.org/announce.txt", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { name: "GLSA-202107-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-16", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20272", datePublished: "2021-03-09T13:10:39", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:37:23.604Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-1380
Vulnerability from cvelistv5
Published
2015-02-03 16:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/01/26/4 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/62899 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/72355 | vdb-entry, x_refsource_BID | |
| http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup | x_refsource_CONFIRM | |
| http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | x_refsource_CONFIRM | |
| http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433&r2=1.434 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/01/27/20 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:40:18.655Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20150126 CVE request for Privoxy", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/01/26/4", }, { name: "62899", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62899", }, { name: "72355", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/72355", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433&r2=1.434", }, { name: "[oss-security] 20150127 Re: CVE request for Privoxy", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/01/27/20", }, { name: "openSUSE-SU-2015:0230", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-01-24T00:00:00", descriptions: [ { lang: "en", value: "jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20150126 CVE request for Privoxy", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/01/26/4", }, { name: "62899", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62899", }, { name: "72355", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/72355", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433&r2=1.434", }, { name: "[oss-security] 20150127 Re: CVE request for Privoxy", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/01/27/20", }, { name: "openSUSE-SU-2015:0230", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-1380", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20150126 CVE request for Privoxy", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/01/26/4", }, { name: "62899", refsource: "SECUNIA", url: "http://secunia.com/advisories/62899", }, { name: "72355", refsource: "BID", url: "http://www.securityfocus.com/bid/72355", }, { name: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", refsource: "CONFIRM", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { name: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433&r2=1.434", refsource: "CONFIRM", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433&r2=1.434", }, { name: "[oss-security] 20150127 Re: CVE request for Privoxy", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/01/27/20", }, { name: "openSUSE-SU-2015:0230", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-1380", datePublished: "2015-02-03T16:00:00", dateReserved: "2015-01-27T00:00:00", dateUpdated: "2024-08-06T04:40:18.655Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20216
Vulnerability from cvelistv5
Published
2021-03-25 18:57
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1923256 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2021/01/31/2 | x_refsource_MISC | |
| https://www.privoxy.org/3.0.31/user-manual/whatsnew.html | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.787Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1923256", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2021/01/31/2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "privoxy", vendor: "n/a", versions: [ { status: "affected", version: "privoxy 3.0.31", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-08T06:07:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1923256", }, { tags: [ "x_refsource_MISC", ], url: "https://www.openwall.com/lists/oss-security/2021/01/31/2", }, { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-20216", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "privoxy", version: { version_data: [ { version_value: "privoxy 3.0.31", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-400", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1923256", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1923256", }, { name: "https://www.openwall.com/lists/oss-security/2021/01/31/2", refsource: "MISC", url: "https://www.openwall.com/lists/oss-security/2021/01/31/2", }, { name: "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html", refsource: "MISC", url: "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html", }, { name: "GLSA-202107-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-16", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20216", datePublished: "2021-03-25T18:57:49", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.787Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-3699
Vulnerability from cvelistv5
Published
2020-01-24 12:25
Modified
2024-09-16 21:02
Severity ?
EPSS score ?
Summary
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1157449 | x_refsource_CONFIRM |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:19:17.418Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1157449", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Leap 15.1", vendor: "openSUSE", versions: [ { lessThanOrEqual: "3.0.28-lp151.1.1", status: "affected", version: "privoxy", versionType: "custom", }, ], }, { product: "Factory", vendor: "openSUSE", versions: [ { lessThanOrEqual: "3.0.28-2.1", status: "affected", version: "privoxy", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Johannes Segitz of SUSE", }, ], datePublic: "2020-01-24T00:00:00", descriptions: [ { lang: "en", value: "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-59", description: "CWE-59: Improper Link Resolution Before File Access ('Link Following')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-11-20T15:45:08", orgId: "404e59f5-483d-4b8a-8e7a-e67604dd8afb", shortName: "suse", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1157449", }, ], source: { advisory: "https://bugzilla.suse.com/show_bug.cgi?id=1157449", defect: [ "1157449", ], discovery: "INTERNAL", }, title: "Local privilege escalation from user privoxy to root", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@suse.com", DATE_PUBLIC: "2020-01-24T00:00:00.000Z", ID: "CVE-2019-3699", STATE: "PUBLIC", TITLE: "Local privilege escalation from user privoxy to root", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Leap 15.1", version: { version_data: [ { version_affected: "<=", version_name: "privoxy", version_value: "3.0.28-lp151.1.1", }, ], }, }, { product_name: "Factory", version: { version_data: [ { version_affected: "<=", version_name: "privoxy", version_value: "3.0.28-2.1", }, ], }, }, ], }, vendor_name: "openSUSE", }, ], }, }, credit: [ { lang: "eng", value: "Johannes Segitz of SUSE", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-59: Improper Link Resolution Before File Access ('Link Following')", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.suse.com/show_bug.cgi?id=1157449", refsource: "CONFIRM", url: "https://bugzilla.suse.com/show_bug.cgi?id=1157449", }, ], }, source: { advisory: "https://bugzilla.suse.com/show_bug.cgi?id=1157449", defect: [ "1157449", ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "404e59f5-483d-4b8a-8e7a-e67604dd8afb", assignerShortName: "suse", cveId: "CVE-2019-3699", datePublished: "2020-01-24T12:25:12.967744Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T21:02:19.137Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20215
Vulnerability from cvelistv5
Published
2021-03-25 18:57
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1928746 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.356Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928746", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "privoxy", vendor: "n/a", versions: [ { status: "affected", version: "Privoxy 3.0.29", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-08T06:06:39", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928746", }, { name: "GLSA-202107-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-20215", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "privoxy", version: { version_data: [ { version_value: "Privoxy 3.0.29", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-401", }, ], }, ], }, references: { reference_data: [ { name: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", refsource: "MISC", url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1928746", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928746", }, { name: "GLSA-202107-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-16", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20215", datePublished: "2021-03-25T18:57:41", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.356Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2015-02-03 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "4AABC281-0843-461B-92C1-93D93F8B4D94", versionEndIncluding: "3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", matchCriteriaId: "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.", }, { lang: "es", value: "parsers.c en Privoxy anterior a 3.0.23 permite a atacantes remotos causar una denegación de servicio (lectura inválida y caída) a través de vectores relacionados con una cabecera de tiempos de HTTP.", }, ], id: "CVE-2015-1382", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-02-03T16:59:13.563", references: [ { source: "cve@mitre.org", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", }, { source: "cve@mitre.org", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/62775", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/62899", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2015/dsa-3145", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/01/26/4", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/01/27/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/62775", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/62899", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2015/dsa-3145", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/01/26/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/01/27/20", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1923252 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1923252 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "0C99A4E0-03CB-4F0A-A073-4D98371A555B", versionEndExcluding: "3.0.31", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.", }, { lang: "es", value: "Se encontró un fallo en Privoxy en versiones anteriores a 3.0.31. Un fallo de aserción es desencadenado por una petición CGI diseñada puede conllevar a una denegación de servicio. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema", }, ], id: "CVE-2021-20217", lastModified: "2024-11-21T05:46:09.023", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-25T19:15:13.750", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1923252", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1923252", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-617", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-01-20 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "863E74D4-45BB-4FC3-BAD0-CF4EBD5395A7", versionEndIncluding: "3.0.21", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.", }, { lang: "es", value: "Fuga de memoria en la función rfc2553_connect_to en jbsocket.c en Privoxy anterior a 3.0.22 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un número grande de solicitudes que son rechazadas porque se ha alcanzado el límite del socket.", }, ], id: "CVE-2015-1030", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-01-20T15:59:09.360", references: [ { source: "cve@mitre.org", url: "http://secunia.com/advisories/62123", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/01/11/1", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.privoxy.org/announce.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/62123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/01/11/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.privoxy.org/announce.txt", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-09 14:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1936668 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/announce.txt | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1936668 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/announce.txt | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| privoxy | privoxy | * | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "10E713A2-B544-465F-BC87-FD2A43B8B5A2", versionEndExcluding: "3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.", }, { lang: "es", value: "Se encontró un fallo en privoxy versiones anteriores a 3.0.32. Un acceso a la memoria no válido con un patrón no válido pasado a la función pcre_compile() puede conllevar a una denegación de servicio", }, ], id: "CVE-2021-20276", lastModified: "2024-11-21T05:46:15.890", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-09T14:15:13.037", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936668", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/announce.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936668", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/announce.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1923256 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.openwall.com/lists/oss-security/2021/01/31/2 | Mailing List, Release Notes, Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.31/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1923256 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2021/01/31/2 | Mailing List, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.31/user-manual/whatsnew.html | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "0C99A4E0-03CB-4F0A-A073-4D98371A555B", versionEndExcluding: "3.0.31", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.", }, { lang: "es", value: "Se encontró un fallo en Privoxy en versiones anteriores a 3.0.31. Una pérdida de memoria ocurre cuando un fallo de descompresión inesperadamente puede conllevar a una denegación de servicio. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema", }, ], id: "CVE-2021-20216", lastModified: "2024-11-21T05:46:08.900", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-25T19:15:13.283", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1923256", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Release Notes", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2021/01/31/2", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1923256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Release Notes", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2021/01/31/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-09 14:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1936658 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/announce.txt | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1936658 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/announce.txt | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| privoxy | privoxy | * | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "10E713A2-B544-465F-BC87-FD2A43B8B5A2", versionEndExcluding: "3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.", }, { lang: "es", value: "Se encontró un fallo en privoxy versiones anteriores a 3.0.32. Se puede presentar un bloqueo por medio de una petición CGI diseñada si Privoxy está desactivado", }, ], id: "CVE-2021-20273", lastModified: "2024-11-21T05:46:15.507", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-09T14:15:12.757", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936658", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/announce.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936658", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/announce.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-23 20:15
Modified
2024-11-21 06:31
Severity ?
Summary
A memory leak vulnerability was found in Privoxy when handling errors.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "068EEA45-2037-4304-9959-A789314617F7", versionEndExcluding: "3.0.33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A memory leak vulnerability was found in Privoxy when handling errors.", }, { lang: "es", value: "Se encontró una vulnerabilidad de filtrado de memoria en Privoxy cuando se manejan errores", }, ], id: "CVE-2021-44542", lastModified: "2024-11-21T06:31:11.863", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-23T20:15:12.043", references: [ { source: "secalert@redhat.com", url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C", }, { source: "secalert@redhat.com", url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c48d1d6d08", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c48d1d6d08", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:27
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1928749 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1928749 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "0C2D9175-6366-48B3-BE07-97C0C153D2EC", versionEndExcluding: "3.0.29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.", }, { lang: "es", value: "Se encontró un fallo en Privoxy en versiones anteriores a 3.0.29. Unas pérdidas de memoria cuando una respuesta es almacenada en el búfer y es alcanzado el límite del búfer o Privoxy se está quedando sin memoria pueden conllevar a un bloqueo del sistema", }, ], id: "CVE-2020-35502", lastModified: "2024-11-21T05:27:26.427", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-25T19:15:12.610", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928749", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928749", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-01-27 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "134496F0-9094-4783-AC1B-237D9C9D79B6", versionEndIncluding: "3.0.23", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.", }, { lang: "es", value: "La función remove_chunked_transfer_coding en filters.c en Privoxy en versiones anteriores a 3.0.24 permite a atacantes remotos causar una denegación de servicio (lectura no válida y caída) a través de contenido fragmentado-codificado manipulado.", }, ], id: "CVE-2016-1982", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-01-27T20:59:03.407", references: [ { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3460", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2016/01/21/4", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2016/01/22/3", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.privoxy.org/announce.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3460", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/01/21/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/01/22/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.privoxy.org/announce.txt", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1928739 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1928739 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "0C2D9175-6366-48B3-BE07-97C0C153D2EC", versionEndExcluding: "3.0.29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed.", }, { lang: "es", value: "Se encontró un fallo en Privoxy en versiones anteriores a 3.0.29. Una desreferencia de un puntero NULL podría resultar en un bloqueo si se habilitaba accept-intercepted-requests, Privoxy falló en obtener el destino de la petición del encabezado del host y falló en la asignación de memoria", }, ], id: "CVE-2021-20213", lastModified: "2024-11-21T05:46:08.563", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-25T19:15:12.970", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928739", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928739", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-02-10 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "863E74D4-45BB-4FC3-BAD0-CF4EBD5395A7", versionEndIncluding: "3.0.21", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) \"two additional unconfirmed use-after-free complaints made by Coverity scan.\" NOTE: some of these details are obtained from third party information.", }, { lang: "es", value: "Múltiples vulnerabilidades de uso después de liberación en Privoxy anterior a 3.0.22 permiten a atacantes remotos tener un impacto no especificado a través de vectores relacionados con (1) la función unmap en list.c o (2) 'las dos quejas adicionales de uso después de liberación no confirmado realizadas por Coverity scan.' NOTA: algunos de estos detalles se obtienen de información de terceras partes.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", id: "CVE-2015-1031", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-02-10T19:59:01.257", references: [ { source: "cve@mitre.org", url: "http://secunia.com/advisories/62123", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.debian.org/security/2015/dsa-3133", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/01/11/1", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.privoxy.org/announce.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/62123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.debian.org/security/2015/dsa-3133", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/01/11/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.privoxy.org/announce.txt", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-11 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| privoxy | privoxy | * | |
| privoxy | privoxy | 2.9.0 | |
| privoxy | privoxy | 2.9.1 | |
| privoxy | privoxy | 2.9.2 | |
| privoxy | privoxy | 2.9.3 | |
| privoxy | privoxy | 2.9.11 | |
| privoxy | privoxy | 2.9.11 | |
| privoxy | privoxy | 2.9.11 | |
| privoxy | privoxy | 2.9.12 | |
| privoxy | privoxy | 2.9.13 | |
| privoxy | privoxy | 2.9.14 | |
| privoxy | privoxy | 2.9.16 | |
| privoxy | privoxy | 2.9.18 | |
| privoxy | privoxy | 3.0 | |
| privoxy | privoxy | 3.0.2 | |
| privoxy | privoxy | 3.0.3 | |
| privoxy | privoxy | 3.0.5 | |
| privoxy | privoxy | 3.0.6 | |
| privoxy | privoxy | 3.0.7 | |
| privoxy | privoxy | 3.0.8 | |
| privoxy | privoxy | 3.0.9 | |
| privoxy | privoxy | 3.0.10 | |
| privoxy | privoxy | 3.0.11 | |
| privoxy | privoxy | 3.0.12 | |
| privoxy | privoxy | 3.0.13 | |
| privoxy | privoxy | 3.0.14 | |
| privoxy | privoxy | 3.0.15 | |
| privoxy | privoxy | 3.0.16 | |
| privoxy | privoxy | 3.0.17 | |
| privoxy | privoxy | 3.0.18 | |
| privoxy | privoxy | 3.0.19 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:beta:*:*:*:*:*:*", matchCriteriaId: "BD98E972-8A9D-4A66-BA5C-E3C72CA32047", versionEndIncluding: "3.0.20", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:2.9.0:pre-alpha:*:*:*:*:*:*", matchCriteriaId: "CAEC484E-95D4-4948-AAB8-A69B5EAEA4B9", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:2.9.1:pre-alpha:*:*:*:*:*:*", matchCriteriaId: "A20A71E4-128E-4ACD-BBB6-43211CE4635D", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:2.9.2:pre-alpha:*:*:*:*:*:*", matchCriteriaId: "5DCE9358-4BD9-4DDE-BCBF-77EBFFC87C34", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:2.9.3:pre-alpha:*:*:*:*:*:*", matchCriteriaId: "CBA4016D-0AED-4420-AD8B-90E4C8CA92ED", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:2.9.11:alpha:*:*:*:*:*:*", matchCriteriaId: "DF369E54-AC85-4B9C-A1D6-6BC02E5D85FB", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:2.9.11:beta:*:*:*:*:*:*", matchCriteriaId: "5984D5CE-6B00-47BA-928D-05528F3C03F0", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:2.9.11:pre-alpha:*:*:*:*:*:*", matchCriteriaId: "F2804EA5-A5E4-42CB-A664-87283F93C051", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:2.9.12:beta:*:*:*:*:*:*", matchCriteriaId: "2C12A900-DB42-4768-B21A-2ECBFC3CE5FD", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:2.9.13:beta:*:*:*:*:*:*", matchCriteriaId: "94547AE0-1A7B-4333-A183-F3B9AF513DB2", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:2.9.14:beta:*:*:*:*:*:*", matchCriteriaId: "CD61EC05-42E0-477C-9F2E-57E9B8098AA0", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:2.9.16:*:*:*:*:*:*:*", matchCriteriaId: "F3CE3E34-2791-467C-A8BC-20B79CD3543B", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:2.9.18:*:*:*:*:*:*:*", matchCriteriaId: "6EE1B847-C52B-4ECF-8940-4F32F460117C", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0:*:*:*:*:*:*:*", matchCriteriaId: "4E143B2E-D791-4AE2-822C-906DCA8C82D1", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A1702E56-2D3F-4CF2-A1E6-F2986D19063D", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "A93EAF26-F70F-4414-A742-F1853D7D3902", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0.5:beta:*:*:*:*:*:*", matchCriteriaId: "DFFBAC97-D7F3-494E-8FC3-4FB9CA6B3694", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0.6:*:*:*:*:*:*:*", matchCriteriaId: "73FF893F-F6A5-461E-AA91-BA69736FD18C", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0.7:beta:*:*:*:*:*:*", matchCriteriaId: "3F356C47-8E6E-4180-87B5-201C685F316F", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0.8:*:*:*:*:*:*:*", matchCriteriaId: "8DC2E166-0116-4A0F-AEF7-9DFFFBC664D4", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0.9:beta:*:*:*:*:*:*", matchCriteriaId: "5F01BA20-AAF9-43FA-89BC-F5812FDD38BA", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0.10:*:*:*:*:*:*:*", matchCriteriaId: "0B591EBC-6E9D-45BC-9C23-D9B9C5487162", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0.11:*:*:*:*:*:*:*", matchCriteriaId: "B13F22D3-0DF2-40E0-BD05-9033BBDF8CE1", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0.12:*:*:*:*:*:*:*", matchCriteriaId: "40C8E4D4-0F17-49B1-A7B3-DCA711821814", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0.13:beta:*:*:*:*:*:*", matchCriteriaId: "A87CEFA0-2A71-442C-859C-8EA51D6731B1", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0.14:beta:*:*:*:*:*:*", matchCriteriaId: "2ABA3C9F-4428-40E4-AF52-2AFD2697BB18", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0.15:beta:*:*:*:*:*:*", matchCriteriaId: "6DECA040-228B-4482-AA40-68BBD86ED87E", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0.16:*:*:*:*:*:*:*", matchCriteriaId: "C0B9FAB7-A1E6-4351-8D8C-21E7C376034A", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0.17:*:*:*:*:*:*:*", matchCriteriaId: "4F8826FB-0302-4E5C-8C00-EBF1E1EBFBBF", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0.18:*:*:*:*:*:*:*", matchCriteriaId: "9B5846DF-36AA-4A85-82DC-7450C3F8A8E5", vulnerable: true, }, { criteria: "cpe:2.3:a:privoxy:privoxy:3.0.19:*:*:*:*:*:*:*", matchCriteriaId: "6BCD9081-42B8-4E5D-8B03-76B1701C6EC0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.", }, { lang: "es", value: "Privoxy anterior a v3.0.21 no maneja adecuadamente las cabeceras Proxy-Authenticate y Proxy-Authorization en el flujo de datos del cliente, lo que facilita a servidores remotoso HTTP suplantar el servicio proxy establecido a través de un código de estado 407 (Aka Proxy Authentication Required)", }, ], id: "CVE-2013-2503", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-11T17:55:01.830", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/", }, { source: "cve@mitre.org", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00118.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00118.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-02-03 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", matchCriteriaId: "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "4AABC281-0843-461B-92C1-93D93F8B4D94", versionEndIncluding: "3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.", }, { lang: "es", value: "Múltiples vulnerabilidades no especificadas en pcrs.c en Privoxy anterior a 3.0.23 permiten a atacantes remotos causar una denegación de servicio (fallo de segmentación o consumo de memoria) a través de vectores no especificados.", }, ], id: "CVE-2015-1381", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-02-03T16:59:12.687", references: [ { source: "cve@mitre.org", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", }, { source: "cve@mitre.org", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/62775", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/62899", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2015/dsa-3145", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/01/26/4", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/01/27/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/62775", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/62899", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2015/dsa-3145", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/01/26/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/01/27/20", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-24 13:15
Modified
2024-11-21 04:42
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| meissner@suse.de | https://bugzilla.suse.com/show_bug.cgi?id=1157449 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1157449 | Issue Tracking, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "047348C8-FA0E-4849-B854-B2E5399AC343", versionEndExcluding: "3.0.28-lp151.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "93A494D0-EDE0-43AC-A2D9-D0944B81D21A", versionEndExcluding: "3.0.28-2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*", matchCriteriaId: "E29492E1-43D8-43BF-94E3-26A762A66FAA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions.", }, { lang: "es", value: "Una vulnerabilidad de tipo UNIX Symbolic Link (Symlink) Following en el empaquetado de privoxy en openSUSE Leap versión 15.1, Factory permite a atacantes locales escalar desde un usuario privoxy a root. Este problema afecta a: privoxy versión 3.0.28-lp151.1.1 y versiones anteriores, de openSUSE Leap versión 15.1 y privoxy versión 3.0.28-2.1 y versiones anteriores, de OpenSUSE Factory.", }, ], id: "CVE-2019-3699", lastModified: "2024-11-21T04:42:21.543", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 5.2, source: "meissner@suse.de", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-24T13:15:11.107", references: [ { source: "meissner@suse.de", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1157449", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1157449", }, ], sourceIdentifier: "meissner@suse.de", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "meissner@suse.de", type: "Primary", }, { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-23 20:15
Modified
2024-11-21 06:31
Severity ?
Summary
An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "068EEA45-2037-4304-9959-A789314617F7", versionEndExcluding: "3.0.33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.", }, { lang: "es", value: "Se encontró una vulnerabilidad de tipo XSS en Privoxy que fue corregida en la función cgi_error_no_template(), al codificar el nombre de la plantilla cuando Privoxy está configurado para servir el propio manual de usuario", }, ], id: "CVE-2021-44543", lastModified: "2024-11-21T06:31:11.973", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-23T20:15:12.097", references: [ { source: "secalert@redhat.com", url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C", }, { source: "secalert@redhat.com", url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=0e668e9409c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=0e668e9409c", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1928729 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1928729 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "0C2D9175-6366-48B3-BE07-97C0C153D2EC", versionEndExcluding: "3.0.29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.", }, { lang: "es", value: "Se encontró un fallo en Privoxy en versiones anteriores a 3.0.29. Una pérdida de memoria en el controlador CGI show-status cuando no son configurados archivos de filtro puede conllevar a un bloqueo del sistema", }, ], id: "CVE-2021-20210", lastModified: "2024-11-21T05:46:08.227", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-25T19:15:12.703", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928729", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1928742 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1928742 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "0C2D9175-6366-48B3-BE07-97C0C153D2EC", versionEndExcluding: "3.0.29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.", }, { lang: "es", value: "Se encontró un fallo en Privoxy en versiones anteriores a 3.0.29. Unas pérdidas de memoria en el manejador CGI de etiquetas de cliente cuando las etiquetas de cliente son configuradas y un fallo de las asignaciones de memoria puede conllevar a un bloqueo del sistema", }, ], id: "CVE-2021-20214", lastModified: "2024-11-21T05:46:08.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-25T19:15:13.047", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928742", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928742", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1928746 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1928746 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "0C2D9175-6366-48B3-BE07-97C0C153D2EC", versionEndExcluding: "3.0.29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.", }, { lang: "es", value: "Se encontró un fallo en Privoxy en versiones anteriores a 3.0.29. Unas pérdidas de memoria en el manejador CGI show-status cuando un fallo de las asignaciones de memoria puede conllevar a un bloqueo del sistema", }, ], id: "CVE-2021-20215", lastModified: "2024-11-21T05:46:08.787", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-25T19:15:13.127", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928746", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928746", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-09 14:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1936666 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/announce.txt | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1936666 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/announce.txt | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| privoxy | privoxy | * | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "10E713A2-B544-465F-BC87-FD2A43B8B5A2", versionEndExcluding: "3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.", }, { lang: "es", value: "Se encontró un fallo en privoxy versiones anteriores a 3.0.32. Una lectura no válida de tamaño dos puede ocurrir en la función chunked_body_is_complete() conllevando a una denegación de servicio", }, ], id: "CVE-2021-20275", lastModified: "2024-11-21T05:46:15.757", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-09T14:15:12.943", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936666", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/announce.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936666", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/announce.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-23 20:15
Modified
2024-11-21 06:31
Severity ?
Summary
A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "068EEA45-2037-4304-9959-A789314617F7", versionEndExcluding: "3.0.33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Privoxy que fue corregida en la función process_encrypted_request_headers(), al liberar la memoria de los encabezados cuando fallaba la obtención del destino de la petición", }, ], id: "CVE-2021-44541", lastModified: "2024-11-21T06:31:11.753", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-23T20:15:11.990", references: [ { source: "secalert@redhat.com", url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C", }, { source: "secalert@redhat.com", url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1928736 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1928736 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "0C2D9175-6366-48B3-BE07-97C0C153D2EC", versionEndExcluding: "3.0.29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash.", }, { lang: "es", value: "Se encontró un fallo en Privoxy en versiones anteriores a 3.0.29. Una pérdida de memoria si son ejecutados múltiples filtros y es omitido el último debido a un error pcre conlleva un bloqueo del sistema", }, ], id: "CVE-2021-20212", lastModified: "2024-11-21T05:46:08.457", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-25T19:15:12.877", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928736", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928736", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-25 20:15
Modified
2024-11-21 05:46
Severity ?
Summary
A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1928726 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| secalert@redhat.com | https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c62254a686 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1928726 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c62254a686 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "0C2D9175-6366-48B3-BE07-97C0C153D2EC", versionEndExcluding: "3.0.29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured.", }, { lang: "es", value: "Se encontró una vulnerabilidad de fuga de memoria en Privoxy versiones anteriores a 3.0.29 en el manejador CGI del show-status cuando no se configuraron archivos de acción", }, ], id: "CVE-2021-20209", lastModified: "2024-11-21T05:46:08.107", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-25T20:15:07.610", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928726", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { source: "secalert@redhat.com", url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c62254a686", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928726", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c62254a686", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-01-27 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "134496F0-9094-4783-AC1B-237D9C9D79B6", versionEndIncluding: "3.0.23", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.", }, { lang: "es", value: "La función client_host en parsers.c en Privoxy en versiones anteriores a 3.0.24 permite a atacantes remotos causar una denegación de servicio (lectura no válida y caída) a través de una cabecera HTTP Host vacía.", }, ], id: "CVE-2016-1983", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-01-27T20:59:04.297", references: [ { source: "cve@mitre.org", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3460", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2016/01/21/4", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2016/01/22/3", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.privoxy.org/announce.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3460", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/01/21/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/01/22/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.privoxy.org/announce.txt", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-09 14:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1936651 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/announce.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1936651 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/announce.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| privoxy | privoxy | * | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "10E713A2-B544-465F-BC87-FD2A43B8B5A2", versionEndExcluding: "3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.", }, { lang: "es", value: "Se encontró un fallo en privoxy versiones anteriores a 3.0.32. Se podría desencadenar un fallo de aserción con una petición CGI diseñada conllevando a un bloqueo del servidor", }, ], id: "CVE-2021-20272", lastModified: "2024-11-21T05:46:15.377", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-09T14:15:12.413", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936651", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.privoxy.org/announce.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936651", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.privoxy.org/announce.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-617", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1928733 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1928733 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "0C2D9175-6366-48B3-BE07-97C0C153D2EC", versionEndExcluding: "3.0.29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.", }, { lang: "es", value: "Se encontró un fallo en Privoxy en versiones anteriores a 3.0.29. Una pérdida de memoria cuando las etiquetas de cliente están activas puede causar un bloqueo del sistema", }, ], id: "CVE-2021-20211", lastModified: "2024-11-21T05:46:08.340", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-25T19:15:12.783", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928733", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1928733", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-23 20:15
Modified
2024-11-21 06:31
Severity ?
Summary
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "068EEA45-2037-4304-9959-A789314617F7", versionEndExcluding: "3.0.33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.", }, { lang: "es", value: "Se ha encontrado una vulnerabilidad en Privoxy que ha sido corregida en la función get_url_spec_param(), al liberar la memoria de la especificación del patrón compilado antes de abandonar", }, ], id: "CVE-2021-44540", lastModified: "2024-11-21T06:31:11.640", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-23T20:15:11.940", references: [ { source: "secalert@redhat.com", url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C", }, { source: "secalert@redhat.com", url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-02-03 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "4AABC281-0843-461B-92C1-93D93F8B4D94", versionEndIncluding: "3.0.22", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*", matchCriteriaId: "0B1C288F-326B-497B-B26C-D26E01262DDB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", matchCriteriaId: "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.", }, { lang: "es", value: "jcc.c en Privoxy anterior a 3.0.23 permite a atacantes remotos causar una denegación de servicio (abortar) a través de un cuerpo de fragmentos codificados.", }, ], id: "CVE-2015-1380", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-02-03T16:59:11.750", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433&r2=1.434", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html", }, { source: "cve@mitre.org", tags: [ "Permissions Required", "Third Party Advisory", ], url: "http://secunia.com/advisories/62899", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2015/01/26/4", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2015/01/27/20", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/72355", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433&r2=1.434", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "http://secunia.com/advisories/62899", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2015/01/26/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2015/01/27/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/72355", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-09 14:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1936662 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/announce.txt | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1936662 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/announce.txt | Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "10E713A2-B544-465F-BC87-FD2A43B8B5A2", versionEndExcluding: "3.0.32", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.", }, { lang: "es", value: "Se encontró un fallo en privoxy versiones anteriores a 3.0.32. Puede ocurrir un bloqueo debido a una desreferencia del puntero NULL cuando el servidor socks se comporta inapropiadamente", }, ], id: "CVE-2021-20274", lastModified: "2024-11-21T05:46:15.633", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-09T14:15:12.850", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936662", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/announce.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1936662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.privoxy.org/announce.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-01-20 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*", matchCriteriaId: "863E74D4-45BB-4FC3-BAD0-CF4EBD5395A7", versionEndIncluding: "3.0.21", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.", }, { lang: "es", value: "Privoxy anterior a 3.0.22 permite a atacantes remotos causar una denegación de servicio (consumo del descriptor de ficheros) a través de vectores no especificados. NOTA: el origen de esta información es desconocido; los detalles se obtienen únicamente de información de terceras partes.", }, ], id: "CVE-2015-1201", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-01-20T15:59:10.390", references: [ { source: "cve@mitre.org", url: "http://secunia.com/advisories/62123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/62123", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
var-202112-1037
Vulnerability from variot
A memory leak vulnerability was found in Privoxy when handling errors. Privoxy Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. Privoxy is a proxy server of the Privoxy team in the United States that does not cache web pages and has its own filtering function. It features advanced filtering to enhance privacy, modify web page data and HTTP headers, control access, and remove ads and other annoying Internet junk. Privoxy has flexible configurations and can be customized according to individual needs. It is suitable for stand-alone systems and multi-user networks.
There is an input validation error vulnerability in Privoxy, which is caused by the fact that the send_http_request of the product does not validate the input data effectively. An attacker could use this vulnerability to cause a denial of service
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-1037", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "privoxy", scope: "lt", trust: 1.6, vendor: "privoxy", version: "3.0.33", }, { model: "privoxy", scope: null, trust: 0.8, vendor: "privoxy developers", version: null, }, { model: "privoxy", scope: "eq", trust: 0.8, vendor: "privoxy developers", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08930", }, { db: "JVNDB", id: "JVNDB-2021-016709", }, { db: "NVD", id: "CVE-2021-44542", }, ], }, cve: "CVE-2021-44542", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CVE-2021-44542", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CNVD-2022-08930", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CVE-2021-44542", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2021-44542", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-44542", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2021-44542", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2022-08930", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202112-828", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-44542", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08930", }, { db: "VULMON", id: "CVE-2021-44542", }, { db: "JVNDB", id: "JVNDB-2021-016709", }, { db: "CNNVD", id: "CNNVD-202112-828", }, { db: "NVD", id: "CVE-2021-44542", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A memory leak vulnerability was found in Privoxy when handling errors. Privoxy Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. Privoxy is a proxy server of the Privoxy team in the United States that does not cache web pages and has its own filtering function. It features advanced filtering to enhance privacy, modify web page data and HTTP headers, control access, and remove ads and other annoying Internet junk. Privoxy has flexible configurations and can be customized according to individual needs. It is suitable for stand-alone systems and multi-user networks. \n\r\n\r\nThere is an input validation error vulnerability in Privoxy, which is caused by the fact that the send_http_request of the product does not validate the input data effectively. An attacker could use this vulnerability to cause a denial of service", sources: [ { db: "NVD", id: "CVE-2021-44542", }, { db: "JVNDB", id: "JVNDB-2021-016709", }, { db: "CNVD", id: "CNVD-2022-08930", }, { db: "VULMON", id: "CVE-2021-44542", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-44542", trust: 3.9, }, { db: "CS-HELP", id: "SB2021121013", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2021-016709", trust: 0.8, }, { db: "CNVD", id: "CNVD-2022-08930", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202112-828", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-44542", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08930", }, { db: "VULMON", id: "CVE-2021-44542", }, { db: "JVNDB", id: "JVNDB-2021-016709", }, { db: "CNNVD", id: "CNNVD-202112-828", }, { db: "NVD", id: "CVE-2021-44542", }, ], }, id: "VAR-202112-1037", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-08930", }, ], trust: 0.06, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08930", }, ], }, last_update_date: "2024-11-23T21:33:27.696000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "send_http_request()", trust: 0.8, url: "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08", }, { title: "Patch for Privoxy Input Validation Error Vulnerability (CNVD-2022-08930)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/318161", }, { title: "Privoxy Enter the fix for the verification error vulnerability", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176524", }, { title: "Arch Linux Issues: ", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-44542 log", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08930", }, { db: "VULMON", id: "CVE-2021-44542", }, { db: "JVNDB", id: "JVNDB-2021-016709", }, { db: "CNNVD", id: "CNNVD-202112-828", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-401", trust: 1, }, { problemtype: "Lack of memory release after expiration (CWE-401) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016709", }, { db: "NVD", id: "CVE-2021-44542", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-44542", }, { trust: 1.2, url: "https://www.cybersecurity-help.cz/vdb/sb2021121013", }, { trust: 1, url: "https://www.privoxy.org/gitweb/?p=privoxy.git%3ba=commit%3bh=c48d1d6d08", }, { trust: 1, url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2c", }, { trust: 0.7, url: "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08", }, { trust: 0.6, url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/privoxy-four-vulnerabilities-37059", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/401.html", }, { trust: 0.1, url: "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://security.archlinux.org/cve-2021-44542", }, { trust: 0.1, url: "http://seclists.org/oss-sec/2021/q4/148", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-08930", }, { db: "VULMON", id: "CVE-2021-44542", }, { db: "JVNDB", id: "JVNDB-2021-016709", }, { db: "CNNVD", id: "CNNVD-202112-828", }, { db: "NVD", id: "CVE-2021-44542", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-08930", }, { db: "VULMON", id: "CVE-2021-44542", }, { db: "JVNDB", id: "JVNDB-2021-016709", }, { db: "CNNVD", id: "CNNVD-202112-828", }, { db: "NVD", id: "CVE-2021-44542", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-09T00:00:00", db: "CNVD", id: "CNVD-2022-08930", }, { date: "2021-12-23T00:00:00", db: "VULMON", id: "CVE-2021-44542", }, { date: "2022-12-21T00:00:00", db: "JVNDB", id: "JVNDB-2021-016709", }, { date: "2021-12-10T00:00:00", db: "CNNVD", id: "CNNVD-202112-828", }, { date: "2021-12-23T20:15:12.043000", db: "NVD", id: "CVE-2021-44542", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-02-09T00:00:00", db: "CNVD", id: "CNVD-2022-08930", }, { date: "2021-12-29T00:00:00", db: "VULMON", id: "CVE-2021-44542", }, { date: "2022-12-21T04:53:00", db: "JVNDB", id: "JVNDB-2021-016709", }, { date: "2022-01-05T00:00:00", db: "CNNVD", id: "CNNVD-202112-828", }, { date: "2024-11-21T06:31:11.863000", db: "NVD", id: "CVE-2021-44542", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-828", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Privoxy Vulnerability regarding lack of memory release after expiration in", sources: [ { db: "JVNDB", id: "JVNDB-2021-016709", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-202112-828", }, ], trust: 0.6, }, }