All the vulnerabilites related to privoxy - privoxy
Vulnerability from fkie_nvd
Published
2021-03-09 14:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1936651 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/announce.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1936651 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/announce.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| privoxy | privoxy | * | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10E713A2-B544-465F-BC87-FD2A43B8B5A2",
"versionEndExcluding": "3.0.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en privoxy versiones anteriores a 3.0.32.\u0026#xa0;Se podr\u00eda desencadenar un fallo de aserci\u00f3n con una petici\u00f3n CGI dise\u00f1ada conllevando a un bloqueo del servidor"
}
],
"id": "CVE-2021-20272",
"lastModified": "2024-11-21T05:46:15.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-09T14:15:12.413",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936651"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.privoxy.org/announce.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1928742 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1928742 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2D9175-6366-48B3-BE07-97C0C153D2EC",
"versionEndExcluding": "3.0.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en Privoxy en versiones anteriores a 3.0.29.\u0026#xa0;Unas p\u00e9rdidas de memoria en el manejador CGI de etiquetas de cliente cuando las etiquetas de cliente son configuradas y un fallo de las asignaciones de memoria puede conllevar a un bloqueo del sistema"
}
],
"id": "CVE-2021-20214",
"lastModified": "2024-11-21T05:46:08.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-25T19:15:13.047",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928742"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1923256 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.openwall.com/lists/oss-security/2021/01/31/2 | Mailing List, Release Notes, Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.31/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1923256 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2021/01/31/2 | Mailing List, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.31/user-manual/whatsnew.html | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C99A4E0-03CB-4F0A-A073-4D98371A555B",
"versionEndExcluding": "3.0.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en Privoxy en versiones anteriores a 3.0.31.\u0026#xa0;Una p\u00e9rdida de memoria ocurre cuando un fallo de descompresi\u00f3n inesperadamente puede conllevar a una denegaci\u00f3n de servicio.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"
}
],
"id": "CVE-2021-20216",
"lastModified": "2024-11-21T05:46:08.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-25T19:15:13.283",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923256"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2021/01/31/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2021/01/31/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-27 20:59
Modified
2024-11-21 02:47
Severity ?
Summary
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "134496F0-9094-4783-AC1B-237D9C9D79B6",
"versionEndIncluding": "3.0.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content."
},
{
"lang": "es",
"value": "La funci\u00f3n remove_chunked_transfer_coding en filters.c en Privoxy en versiones anteriores a 3.0.24 permite a atacantes remotos causar una denegaci\u00f3n de servicio (lectura no v\u00e1lida y ca\u00edda) a trav\u00e9s de contenido fragmentado-codificado manipulado."
}
],
"id": "CVE-2016-1982",
"lastModified": "2024-11-21T02:47:29.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-27T20:59:03.407",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3460"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2016/01/21/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.privoxy.org/announce.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/01/21/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-09 14:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1936668 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/announce.txt | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1936668 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/announce.txt | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| privoxy | privoxy | * | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10E713A2-B544-465F-BC87-FD2A43B8B5A2",
"versionEndExcluding": "3.0.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en privoxy versiones anteriores a 3.0.32.\u0026#xa0;Un acceso a la memoria no v\u00e1lido con un patr\u00f3n no v\u00e1lido pasado a la funci\u00f3n pcre_compile() puede conllevar a una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2021-20276",
"lastModified": "2024-11-21T05:46:15.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-09T14:15:13.037",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936668"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/announce.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1923252 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1923252 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C99A4E0-03CB-4F0A-A073-4D98371A555B",
"versionEndExcluding": "3.0.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en Privoxy en versiones anteriores a 3.0.31.\u0026#xa0;Un fallo de aserci\u00f3n es desencadenado por una petici\u00f3n CGI dise\u00f1ada puede conllevar a una denegaci\u00f3n de servicio.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"
}
],
"id": "CVE-2021-20217",
"lastModified": "2024-11-21T05:46:09.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-25T19:15:13.750",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923252"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-03 16:59
Modified
2024-11-21 02:25
Severity ?
Summary
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AABC281-0843-461B-92C1-93D93F8B4D94",
"versionEndIncluding": "3.0.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1C288F-326B-497B-B26C-D26E01262DDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body."
},
{
"lang": "es",
"value": "jcc.c en Privoxy anterior a 3.0.23 permite a atacantes remotos causar una denegaci\u00f3n de servicio (abortar) a trav\u00e9s de un cuerpo de fragmentos codificados."
}
],
"id": "CVE-2015-1380",
"lastModified": "2024-11-21T02:25:18.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-03T16:59:11.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433\u0026r2=1.434"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/62899"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/72355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433\u0026r2=1.434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/62899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72355"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-09 14:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1936662 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/announce.txt | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1936662 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/announce.txt | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10E713A2-B544-465F-BC87-FD2A43B8B5A2",
"versionEndExcluding": "3.0.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en privoxy versiones anteriores a 3.0.32.\u0026#xa0;Puede ocurrir un bloqueo debido a una desreferencia del puntero NULL cuando el servidor socks se comporta inapropiadamente"
}
],
"id": "CVE-2021-20274",
"lastModified": "2024-11-21T05:46:15.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-09T14:15:12.850",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936662"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/announce.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-11 17:55
Modified
2024-11-21 01:51
Severity ?
Summary
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| privoxy | privoxy | * | |
| privoxy | privoxy | 2.9.0 | |
| privoxy | privoxy | 2.9.1 | |
| privoxy | privoxy | 2.9.2 | |
| privoxy | privoxy | 2.9.3 | |
| privoxy | privoxy | 2.9.11 | |
| privoxy | privoxy | 2.9.11 | |
| privoxy | privoxy | 2.9.11 | |
| privoxy | privoxy | 2.9.12 | |
| privoxy | privoxy | 2.9.13 | |
| privoxy | privoxy | 2.9.14 | |
| privoxy | privoxy | 2.9.16 | |
| privoxy | privoxy | 2.9.18 | |
| privoxy | privoxy | 3.0 | |
| privoxy | privoxy | 3.0.2 | |
| privoxy | privoxy | 3.0.3 | |
| privoxy | privoxy | 3.0.5 | |
| privoxy | privoxy | 3.0.6 | |
| privoxy | privoxy | 3.0.7 | |
| privoxy | privoxy | 3.0.8 | |
| privoxy | privoxy | 3.0.9 | |
| privoxy | privoxy | 3.0.10 | |
| privoxy | privoxy | 3.0.11 | |
| privoxy | privoxy | 3.0.12 | |
| privoxy | privoxy | 3.0.13 | |
| privoxy | privoxy | 3.0.14 | |
| privoxy | privoxy | 3.0.15 | |
| privoxy | privoxy | 3.0.16 | |
| privoxy | privoxy | 3.0.17 | |
| privoxy | privoxy | 3.0.18 | |
| privoxy | privoxy | 3.0.19 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:beta:*:*:*:*:*:*",
"matchCriteriaId": "BD98E972-8A9D-4A66-BA5C-E3C72CA32047",
"versionEndIncluding": "3.0.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:2.9.0:pre-alpha:*:*:*:*:*:*",
"matchCriteriaId": "CAEC484E-95D4-4948-AAB8-A69B5EAEA4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:2.9.1:pre-alpha:*:*:*:*:*:*",
"matchCriteriaId": "A20A71E4-128E-4ACD-BBB6-43211CE4635D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:2.9.2:pre-alpha:*:*:*:*:*:*",
"matchCriteriaId": "5DCE9358-4BD9-4DDE-BCBF-77EBFFC87C34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:2.9.3:pre-alpha:*:*:*:*:*:*",
"matchCriteriaId": "CBA4016D-0AED-4420-AD8B-90E4C8CA92ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:2.9.11:alpha:*:*:*:*:*:*",
"matchCriteriaId": "DF369E54-AC85-4B9C-A1D6-6BC02E5D85FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:2.9.11:beta:*:*:*:*:*:*",
"matchCriteriaId": "5984D5CE-6B00-47BA-928D-05528F3C03F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:2.9.11:pre-alpha:*:*:*:*:*:*",
"matchCriteriaId": "F2804EA5-A5E4-42CB-A664-87283F93C051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:2.9.12:beta:*:*:*:*:*:*",
"matchCriteriaId": "2C12A900-DB42-4768-B21A-2ECBFC3CE5FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:2.9.13:beta:*:*:*:*:*:*",
"matchCriteriaId": "94547AE0-1A7B-4333-A183-F3B9AF513DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:2.9.14:beta:*:*:*:*:*:*",
"matchCriteriaId": "CD61EC05-42E0-477C-9F2E-57E9B8098AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:2.9.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F3CE3E34-2791-467C-A8BC-20B79CD3543B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:2.9.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6EE1B847-C52B-4ECF-8940-4F32F460117C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E143B2E-D791-4AE2-822C-906DCA8C82D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1702E56-2D3F-4CF2-A1E6-F2986D19063D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A93EAF26-F70F-4414-A742-F1853D7D3902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0.5:beta:*:*:*:*:*:*",
"matchCriteriaId": "DFFBAC97-D7F3-494E-8FC3-4FB9CA6B3694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "73FF893F-F6A5-461E-AA91-BA69736FD18C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0.7:beta:*:*:*:*:*:*",
"matchCriteriaId": "3F356C47-8E6E-4180-87B5-201C685F316F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2E166-0116-4A0F-AEF7-9DFFFBC664D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0.9:beta:*:*:*:*:*:*",
"matchCriteriaId": "5F01BA20-AAF9-43FA-89BC-F5812FDD38BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0B591EBC-6E9D-45BC-9C23-D9B9C5487162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B13F22D3-0DF2-40E0-BD05-9033BBDF8CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40C8E4D4-0F17-49B1-A7B3-DCA711821814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0.13:beta:*:*:*:*:*:*",
"matchCriteriaId": "A87CEFA0-2A71-442C-859C-8EA51D6731B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0.14:beta:*:*:*:*:*:*",
"matchCriteriaId": "2ABA3C9F-4428-40E4-AF52-2AFD2697BB18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0.15:beta:*:*:*:*:*:*",
"matchCriteriaId": "6DECA040-228B-4482-AA40-68BBD86ED87E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B9FAB7-A1E6-4351-8D8C-21E7C376034A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8826FB-0302-4E5C-8C00-EBF1E1EBFBBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5846DF-36AA-4A85-82DC-7450C3F8A8E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:privoxy:privoxy:3.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "6BCD9081-42B8-4E5D-8B03-76B1701C6EC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code."
},
{
"lang": "es",
"value": "Privoxy anterior a v3.0.21 no maneja adecuadamente las cabeceras Proxy-Authenticate y Proxy-Authorization en el flujo de datos del cliente, lo que facilita a servidores remotoso HTTP suplantar el servicio proxy establecido a trav\u00e9s de un c\u00f3digo de estado 407 (Aka Proxy Authentication Required)"
}
],
"id": "CVE-2013-2503",
"lastModified": "2024-11-21T01:51:53.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-11T17:55:01.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/"
},
{
"source": "cve@mitre.org",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188\u0026view=markup"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188\u0026view=markup"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00118.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-24 13:15
Modified
2024-11-21 04:42
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| meissner@suse.de | https://bugzilla.suse.com/show_bug.cgi?id=1157449 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1157449 | Issue Tracking, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "047348C8-FA0E-4849-B854-B2E5399AC343",
"versionEndExcluding": "3.0.28-lp151.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93A494D0-EDE0-43AC-A2D9-D0944B81D21A",
"versionEndExcluding": "3.0.28-2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E29492E1-43D8-43BF-94E3-26A762A66FAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo UNIX Symbolic Link (Symlink) Following en el empaquetado de privoxy en openSUSE Leap versi\u00f3n 15.1, Factory permite a atacantes locales escalar desde un usuario privoxy a root. Este problema afecta a: privoxy versi\u00f3n 3.0.28-lp151.1.1 y versiones anteriores, de openSUSE Leap versi\u00f3n 15.1 y privoxy versi\u00f3n 3.0.28-2.1 y versiones anteriores, de OpenSUSE Factory."
}
],
"id": "CVE-2019-3699",
"lastModified": "2024-11-21T04:42:21.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2,
"source": "meissner@suse.de",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-24T13:15:11.107",
"references": [
{
"source": "meissner@suse.de",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157449"
}
],
"sourceIdentifier": "meissner@suse.de",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "meissner@suse.de",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1928733 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1928733 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2D9175-6366-48B3-BE07-97C0C153D2EC",
"versionEndExcluding": "3.0.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en Privoxy en versiones anteriores a 3.0.29.\u0026#xa0;Una p\u00e9rdida de memoria cuando las etiquetas de cliente est\u00e1n activas puede causar un bloqueo del sistema"
}
],
"id": "CVE-2021-20211",
"lastModified": "2024-11-21T05:46:08.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-25T19:15:12.783",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928733"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-09 14:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1936666 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/announce.txt | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1936666 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/announce.txt | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| privoxy | privoxy | * | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10E713A2-B544-465F-BC87-FD2A43B8B5A2",
"versionEndExcluding": "3.0.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en privoxy versiones anteriores a 3.0.32.\u0026#xa0;Una lectura no v\u00e1lida de tama\u00f1o dos puede ocurrir en la funci\u00f3n chunked_body_is_complete() conllevando a una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2021-20275",
"lastModified": "2024-11-21T05:46:15.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-09T14:15:12.943",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936666"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/announce.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:27
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1928749 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1928749 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2D9175-6366-48B3-BE07-97C0C153D2EC",
"versionEndExcluding": "3.0.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en Privoxy en versiones anteriores a 3.0.29.\u0026#xa0;Unas p\u00e9rdidas de memoria cuando una respuesta es almacenada en el b\u00fafer y es alcanzado el l\u00edmite del b\u00fafer o Privoxy se est\u00e1 quedando sin memoria pueden conllevar a un bloqueo del sistema"
}
],
"id": "CVE-2020-35502",
"lastModified": "2024-11-21T05:27:26.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-25T19:15:12.610",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928749"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-23 20:15
Modified
2024-11-21 06:31
Severity ?
Summary
A memory leak vulnerability was found in Privoxy when handling errors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "068EEA45-2037-4304-9959-A789314617F7",
"versionEndExcluding": "3.0.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory leak vulnerability was found in Privoxy when handling errors."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de filtrado de memoria en Privoxy cuando se manejan errores"
}
],
"id": "CVE-2021-44542",
"lastModified": "2024-11-21T06:31:11.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-23T20:15:12.043",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"source": "secalert@redhat.com",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c48d1d6d08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c48d1d6d08"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-23 20:15
Modified
2024-11-21 06:31
Severity ?
Summary
A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "068EEA45-2037-4304-9959-A789314617F7",
"versionEndExcluding": "3.0.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Privoxy que fue corregida en la funci\u00f3n process_encrypted_request_headers(), al liberar la memoria de los encabezados cuando fallaba la obtenci\u00f3n del destino de la petici\u00f3n"
}
],
"id": "CVE-2021-44541",
"lastModified": "2024-11-21T06:31:11.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-23T20:15:11.990",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"source": "secalert@redhat.com",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1928729 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1928729 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2D9175-6366-48B3-BE07-97C0C153D2EC",
"versionEndExcluding": "3.0.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en Privoxy en versiones anteriores a 3.0.29.\u0026#xa0;Una p\u00e9rdida de memoria en el controlador CGI show-status cuando no son configurados archivos de filtro puede conllevar a un bloqueo del sistema"
}
],
"id": "CVE-2021-20210",
"lastModified": "2024-11-21T05:46:08.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-25T19:15:12.703",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928729"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-10 19:59
Modified
2024-11-21 02:24
Severity ?
Summary
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "863E74D4-45BB-4FC3-BAD0-CF4EBD5395A7",
"versionEndIncluding": "3.0.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) \"two additional unconfirmed use-after-free complaints made by Coverity scan.\" NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de uso despu\u00e9s de liberaci\u00f3n en Privoxy anterior a 3.0.22 permiten a atacantes remotos tener un impacto no especificado a trav\u00e9s de vectores relacionados con (1) la funci\u00f3n unmap en list.c o (2) \u0027las dos quejas adicionales de uso despu\u00e9s de liberaci\u00f3n no confirmado realizadas por Coverity scan.\u0027 NOTA: algunos de estos detalles se obtienen de informaci\u00f3n de terceras partes."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
"id": "CVE-2015-1031",
"lastModified": "2024-11-21T02:24:30.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-10T19:59:01.257",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62123"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3133"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.privoxy.org/announce.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-03 16:59
Modified
2024-11-21 02:25
Severity ?
Summary
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AABC281-0843-461B-92C1-93D93F8B4D94",
"versionEndIncluding": "3.0.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header."
},
{
"lang": "es",
"value": "parsers.c en Privoxy anterior a 3.0.23 permite a atacantes remotos causar una denegaci\u00f3n de servicio (lectura inv\u00e1lida y ca\u00edda) a trav\u00e9s de vectores relacionados con una cabecera de tiempos de HTTP."
}
],
"id": "CVE-2015-1382",
"lastModified": "2024-11-21T02:25:18.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-03T16:59:13.563",
"references": [
{
"source": "cve@mitre.org",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"source": "cve@mitre.org",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297\u0026r2=1.298"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62775"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62899"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3145"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297\u0026r2=1.298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1928736 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1928736 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2D9175-6366-48B3-BE07-97C0C153D2EC",
"versionEndExcluding": "3.0.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en Privoxy en versiones anteriores a 3.0.29.\u0026#xa0;Una p\u00e9rdida de memoria si son ejecutados m\u00faltiples filtros y es omitido el \u00faltimo debido a un error pcre conlleva un bloqueo del sistema"
}
],
"id": "CVE-2021-20212",
"lastModified": "2024-11-21T05:46:08.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-25T19:15:12.877",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928736"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1928739 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1928739 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2D9175-6366-48B3-BE07-97C0C153D2EC",
"versionEndExcluding": "3.0.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en Privoxy en versiones anteriores a 3.0.29.\u0026#xa0;Una desreferencia de un puntero NULL podr\u00eda resultar en un bloqueo si se habilitaba accept-intercepted-requests, Privoxy fall\u00f3 en obtener el destino de la petici\u00f3n del encabezado del host y fall\u00f3 en la asignaci\u00f3n de memoria"
}
],
"id": "CVE-2021-20213",
"lastModified": "2024-11-21T05:46:08.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-25T19:15:12.970",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928739"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-27 20:59
Modified
2024-11-21 02:47
Severity ?
Summary
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "134496F0-9094-4783-AC1B-237D9C9D79B6",
"versionEndIncluding": "3.0.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header."
},
{
"lang": "es",
"value": "La funci\u00f3n client_host en parsers.c en Privoxy en versiones anteriores a 3.0.24 permite a atacantes remotos causar una denegaci\u00f3n de servicio (lectura no v\u00e1lida y ca\u00edda) a trav\u00e9s de una cabecera HTTP Host vac\u00eda."
}
],
"id": "CVE-2016-1983",
"lastModified": "2024-11-21T02:47:29.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-27T20:59:04.297",
"references": [
{
"source": "cve@mitre.org",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302\u0026r2=1.303"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3460"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2016/01/21/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.privoxy.org/announce.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302\u0026r2=1.303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/01/21/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-09 14:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1936658 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/announce.txt | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1936658 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/announce.txt | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| privoxy | privoxy | * | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10E713A2-B544-465F-BC87-FD2A43B8B5A2",
"versionEndExcluding": "3.0.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en privoxy versiones anteriores a 3.0.32.\u0026#xa0;Se puede presentar un bloqueo por medio de una petici\u00f3n CGI dise\u00f1ada si Privoxy est\u00e1 desactivado"
}
],
"id": "CVE-2021-20273",
"lastModified": "2024-11-21T05:46:15.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-09T14:15:12.757",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936658"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/announce.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-20 15:59
Modified
2024-11-21 02:24
Severity ?
Summary
Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "863E74D4-45BB-4FC3-BAD0-CF4EBD5395A7",
"versionEndIncluding": "3.0.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached."
},
{
"lang": "es",
"value": "Fuga de memoria en la funci\u00f3n rfc2553_connect_to en jbsocket.c en Privoxy anterior a 3.0.22 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de un n\u00famero grande de solicitudes que son rechazadas porque se ha alcanzado el l\u00edmite del socket."
}
],
"id": "CVE-2015-1030",
"lastModified": "2024-11-21T02:24:30.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-20T15:59:09.360",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62123"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.privoxy.org/announce.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-20 15:59
Modified
2024-11-21 02:24
Severity ?
Summary
Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "863E74D4-45BB-4FC3-BAD0-CF4EBD5395A7",
"versionEndIncluding": "3.0.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "Privoxy anterior a 3.0.22 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo del descriptor de ficheros) a trav\u00e9s de vectores no especificados. NOTA: el origen de esta informaci\u00f3n es desconocido; los detalles se obtienen \u00fanicamente de informaci\u00f3n de terceras partes."
}
],
"id": "CVE-2015-1201",
"lastModified": "2024-11-21T02:24:52.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-20T15:59:10.390",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62123"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1928746 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1928746 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2D9175-6366-48B3-BE07-97C0C153D2EC",
"versionEndExcluding": "3.0.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en Privoxy en versiones anteriores a 3.0.29.\u0026#xa0;Unas p\u00e9rdidas de memoria en el manejador CGI show-status cuando un fallo de las asignaciones de memoria puede conllevar a un bloqueo del sistema"
}
],
"id": "CVE-2021-20215",
"lastModified": "2024-11-21T05:46:08.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-25T19:15:13.127",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928746"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-23 20:15
Modified
2024-11-21 06:31
Severity ?
Summary
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "068EEA45-2037-4304-9959-A789314617F7",
"versionEndExcluding": "3.0.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Privoxy que ha sido corregida en la funci\u00f3n get_url_spec_param(), al liberar la memoria de la especificaci\u00f3n del patr\u00f3n compilado antes de abandonar"
}
],
"id": "CVE-2021-44540",
"lastModified": "2024-11-21T06:31:11.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-23T20:15:11.940",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"source": "secalert@redhat.com",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-23 20:15
Modified
2024-11-21 06:31
Severity ?
Summary
An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "068EEA45-2037-4304-9959-A789314617F7",
"versionEndExcluding": "3.0.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de tipo XSS en Privoxy que fue corregida en la funci\u00f3n cgi_error_no_template(), al codificar el nombre de la plantilla cuando Privoxy est\u00e1 configurado para servir el propio manual de usuario"
}
],
"id": "CVE-2021-44543",
"lastModified": "2024-11-21T06:31:11.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-23T20:15:12.097",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"source": "secalert@redhat.com",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=0e668e9409c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=0e668e9409c"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-03 16:59
Modified
2024-11-21 02:25
Severity ?
Summary
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AABC281-0843-461B-92C1-93D93F8B4D94",
"versionEndIncluding": "3.0.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en pcrs.c en Privoxy anterior a 3.0.23 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n o consumo de memoria) a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-1381",
"lastModified": "2024-11-21T02:25:18.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-03T16:59:12.687",
"references": [
{
"source": "cve@mitre.org",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"source": "cve@mitre.org",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46\u0026r2=1.47"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62775"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62899"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3145"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46\u0026r2=1.47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-25 20:15
Modified
2024-11-21 05:46
Severity ?
Summary
A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1928726 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| secalert@redhat.com | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| secalert@redhat.com | https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c62254a686 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1928726 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-16 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c62254a686 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2D9175-6366-48B3-BE07-97C0C153D2EC",
"versionEndExcluding": "3.0.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de fuga de memoria en Privoxy versiones anteriores a 3.0.29 en el manejador CGI del show-status cuando no se configuraron archivos de acci\u00f3n"
}
],
"id": "CVE-2021-20209",
"lastModified": "2024-11-21T05:46:08.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-25T20:15:07.610",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928726"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c62254a686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c62254a686"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2015-1031
Vulnerability from cvelistv5
Published
2015-02-10 19:00
Modified
2024-08-06 04:33
Severity ?
EPSS score ?
Summary
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2015/dsa-3133 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/62123 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2015/01/11/1 | mailing-list, x_refsource_MLIST | |
| http://www.privoxy.org/announce.txt | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:19.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3133"
},
{
"name": "62123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62123"
},
{
"name": "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) \"two additional unconfirmed use-after-free complaints made by Coverity scan.\" NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-19T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3133"
},
{
"name": "62123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62123"
},
{
"name": "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) \"two additional unconfirmed use-after-free complaints made by Coverity scan.\" NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3133"
},
{
"name": "62123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62123"
},
{
"name": "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/1"
},
{
"name": "http://www.privoxy.org/announce.txt",
"refsource": "CONFIRM",
"url": "http://www.privoxy.org/announce.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1031",
"datePublished": "2015-02-10T19:00:00",
"dateReserved": "2015-01-10T00:00:00",
"dateUpdated": "2024-08-06T04:33:19.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1381
Vulnerability from cvelistv5
Published
2015-02-03 16:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/01/26/4 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/62899 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2015/dsa-3145 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/62775 | third-party-advisory, x_refsource_SECUNIA | |
| http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup | x_refsource_CONFIRM | |
| http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/01/27/20 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62899"
},
{
"name": "DSA-3145",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3145"
},
{
"name": "62775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62775"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46\u0026r2=1.47"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"name": "openSUSE-SU-2015:0230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-12T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62899"
},
{
"name": "DSA-3145",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3145"
},
{
"name": "62775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62775"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46\u0026r2=1.47"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"name": "openSUSE-SU-2015:0230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62899"
},
{
"name": "DSA-3145",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3145"
},
{
"name": "62775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62775"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46\u0026r2=1.47",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46\u0026r2=1.47"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"name": "openSUSE-SU-2015:0230",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1381",
"datePublished": "2015-02-03T16:00:00",
"dateReserved": "2015-01-27T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20276
Vulnerability from cvelistv5
Published
2021-03-09 13:12
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/announce.txt | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1936668 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936668"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "privoxy 3.0.32"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:47",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936668"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "privoxy 3.0.32"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/announce.txt",
"refsource": "MISC",
"url": "https://www.privoxy.org/announce.txt"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1936668",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936668"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20276",
"datePublished": "2021-03-09T13:12:35",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44540
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C | x_refsource_MISC | |
| https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T19:48:42",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-44540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.33"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,"
},
{
"name": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb0",
"refsource": "MISC",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-44540",
"datePublished": "2021-12-23T19:48:42",
"dateReserved": "2021-12-03T00:00:00",
"dateUpdated": "2024-08-04T04:25:16.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20275
Vulnerability from cvelistv5
Published
2021-03-09 13:12
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/announce.txt | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1936666 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936666"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "privoxy 3.0.32"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:07:03",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936666"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "privoxy 3.0.32"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/announce.txt",
"refsource": "MISC",
"url": "https://www.privoxy.org/announce.txt"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1936666",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936666"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20275",
"datePublished": "2021-03-09T13:12:05",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20215
Vulnerability from cvelistv5
Published
2021-03-25 18:57
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1928746 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928746"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:39",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928746"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.29"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928746",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928746"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20215",
"datePublished": "2021-03-25T18:57:41",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20274
Vulnerability from cvelistv5
Published
2021-03-09 13:11
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/announce.txt | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1936662 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936662"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "privoxy 3.0.32"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:58",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936662"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "privoxy 3.0.32"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/announce.txt",
"refsource": "MISC",
"url": "https://www.privoxy.org/announce.txt"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1936662",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936662"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20274",
"datePublished": "2021-03-09T13:11:46",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20212
Vulnerability from cvelistv5
Published
2021-03-25 18:57
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1928736 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928736"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:41",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928736"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.29"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928736",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928736"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20212",
"datePublished": "2021-03-25T18:57:16",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1982
Vulnerability from cvelistv5
Published
2016-01-27 20:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2016/dsa-3460 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2016/01/22/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/01/21/4 | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html | vendor-advisory, x_refsource_FEDORA | |
| http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.privoxy.org/announce.txt | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3460"
},
{
"name": "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/3"
},
{
"name": "[oss-security] 20160121 CVE request for Privoxy 3.0.24",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/21/4"
},
{
"name": "FEDORA-2016-bc7acd24c6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html"
},
{
"name": "FEDORA-2016-29995fbd42",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3460"
},
{
"name": "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/3"
},
{
"name": "[oss-security] 20160121 CVE request for Privoxy 3.0.24",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/21/4"
},
{
"name": "FEDORA-2016-bc7acd24c6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html"
},
{
"name": "FEDORA-2016-29995fbd42",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3460",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3460"
},
{
"name": "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/3"
},
{
"name": "[oss-security] 20160121 CVE request for Privoxy 3.0.24",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/21/4"
},
{
"name": "FEDORA-2016-bc7acd24c6",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html"
},
{
"name": "FEDORA-2016-29995fbd42",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html"
},
{
"name": "http://www.privoxy.org/announce.txt",
"refsource": "CONFIRM",
"url": "http://www.privoxy.org/announce.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1982",
"datePublished": "2016-01-27T20:00:00",
"dateReserved": "2016-01-21T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3699
Vulnerability from cvelistv5
Published
2020-01-24 12:25
Modified
2024-09-16 21:02
Severity ?
EPSS score ?
Summary
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1157449 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:17.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157449"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Leap 15.1",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "3.0.28-lp151.1.1",
"status": "affected",
"version": "privoxy",
"versionType": "custom"
}
]
},
{
"product": "Factory",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "3.0.28-2.1",
"status": "affected",
"version": "privoxy",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Johannes Segitz of SUSE"
}
],
"datePublic": "2020-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-20T15:45:08",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157449"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1157449",
"defect": [
"1157449"
],
"discovery": "INTERNAL"
},
"title": "Local privilege escalation from user privoxy to root",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-01-24T00:00:00.000Z",
"ID": "CVE-2019-3699",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation from user privoxy to root"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Leap 15.1",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "privoxy",
"version_value": "3.0.28-lp151.1.1"
}
]
}
},
{
"product_name": "Factory",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "privoxy",
"version_value": "3.0.28-2.1"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Johannes Segitz of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1157449",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157449"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1157449",
"defect": [
"1157449"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2019-3699",
"datePublished": "2020-01-24T12:25:12.967744Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T21:02:19.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20273
Vulnerability from cvelistv5
Published
2021-03-09 13:11
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/announce.txt | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1936658 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936658"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "privoxy 3.0.32"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:07:07",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936658"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "privoxy 3.0.32"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/announce.txt",
"refsource": "MISC",
"url": "https://www.privoxy.org/announce.txt"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1936658",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936658"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20273",
"datePublished": "2021-03-09T13:11:17",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44541
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C | x_refsource_MISC | |
| https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T19:48:42",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-44541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.33"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,"
},
{
"name": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb0",
"refsource": "MISC",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-44541",
"datePublished": "2021-12-23T19:48:42",
"dateReserved": "2021-12-03T00:00:00",
"dateUpdated": "2024-08-04T04:25:16.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2503
Vulnerability from cvelistv5
Published
2013-03-11 17:00
Modified
2024-08-06 15:44
Severity ?
EPSS score ?
Summary
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/ | x_refsource_MISC | |
| http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2013-03/msg00118.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188\u0026view=markup"
},
{
"name": "openSUSE-SU-2013:0564",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00118.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-11T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188\u0026view=markup"
},
{
"name": "openSUSE-SU-2013:0564",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00118.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/",
"refsource": "MISC",
"url": "http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188\u0026view=markup",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188\u0026view=markup"
},
{
"name": "openSUSE-SU-2013:0564",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00118.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2503",
"datePublished": "2013-03-11T17:00:00",
"dateReserved": "2013-03-07T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20216
Vulnerability from cvelistv5
Published
2021-03-25 18:57
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1923256 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2021/01/31/2 | x_refsource_MISC | |
| https://www.privoxy.org/3.0.31/user-manual/whatsnew.html | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923256"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/01/31/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "privoxy 3.0.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:07:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923256"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/01/31/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "privoxy 3.0.31"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1923256",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923256"
},
{
"name": "https://www.openwall.com/lists/oss-security/2021/01/31/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/01/31/2"
},
{
"name": "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20216",
"datePublished": "2021-03-25T18:57:49",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35502
Vulnerability from cvelistv5
Published
2021-03-25 18:56
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1928749 | x_refsource_MISC | |
| https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928749"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:51",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928749"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.29"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928749",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928749"
},
{
"name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35502",
"datePublished": "2021-03-25T18:56:55",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1201
Vulnerability from cvelistv5
Published
2015-01-20 15:00
Modified
2024-09-16 19:40
Severity ?
EPSS score ?
Summary
Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/62123 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62123"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-20T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62123"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62123"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1201",
"datePublished": "2015-01-20T15:00:00Z",
"dateReserved": "2015-01-20T00:00:00Z",
"dateUpdated": "2024-09-16T19:40:41.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20211
Vulnerability from cvelistv5
Published
2021-03-25 18:57
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1928733 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928733"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:56",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928733"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.29"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928733",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928733"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20211",
"datePublished": "2021-03-25T18:57:08",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44542
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A memory leak vulnerability was found in Privoxy when handling errors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C | x_refsource_MISC | |
| https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c48d1d6d08 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c48d1d6d08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory leak vulnerability was found in Privoxy when handling errors."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T19:48:43",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c48d1d6d08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-44542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.33"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak vulnerability was found in Privoxy when handling errors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,"
},
{
"name": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08",
"refsource": "MISC",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-44542",
"datePublished": "2021-12-23T19:48:43",
"dateReserved": "2021-12-03T00:00:00",
"dateUpdated": "2024-08-04T04:25:16.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20210
Vulnerability from cvelistv5
Published
2021-03-25 18:57
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1928729 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928729"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:54",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928729"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.29"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928729",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928729"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20210",
"datePublished": "2021-03-25T18:57:02",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1983
Vulnerability from cvelistv5
Published
2016-01-27 20:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2016/dsa-3460 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2016/01/22/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/01/21/4 | mailing-list, x_refsource_MLIST | |
| http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303 | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html | vendor-advisory, x_refsource_FEDORA | |
| http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.privoxy.org/announce.txt | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:49.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3460"
},
{
"name": "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/3"
},
{
"name": "[oss-security] 20160121 CVE request for Privoxy 3.0.24",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/21/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302\u0026r2=1.303"
},
{
"name": "FEDORA-2016-bc7acd24c6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html"
},
{
"name": "FEDORA-2016-29995fbd42",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3460"
},
{
"name": "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/3"
},
{
"name": "[oss-security] 20160121 CVE request for Privoxy 3.0.24",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/21/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302\u0026r2=1.303"
},
{
"name": "FEDORA-2016-bc7acd24c6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html"
},
{
"name": "FEDORA-2016-29995fbd42",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3460",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3460"
},
{
"name": "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/3"
},
{
"name": "[oss-security] 20160121 CVE request for Privoxy 3.0.24",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/21/4"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302\u0026r2=1.303",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302\u0026r2=1.303"
},
{
"name": "FEDORA-2016-bc7acd24c6",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html"
},
{
"name": "FEDORA-2016-29995fbd42",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html"
},
{
"name": "http://www.privoxy.org/announce.txt",
"refsource": "CONFIRM",
"url": "http://www.privoxy.org/announce.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1983",
"datePublished": "2016-01-27T20:00:00",
"dateReserved": "2016-01-21T00:00:00",
"dateUpdated": "2024-08-05T23:17:49.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20214
Vulnerability from cvelistv5
Published
2021-03-25 18:57
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1928742 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928742"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:36",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928742"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.29"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928742",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928742"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20214",
"datePublished": "2021-03-25T18:57:34",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1382
Vulnerability from cvelistv5
Published
2015-02-03 16:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/01/26/4 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/62899 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2015/dsa-3145 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/62775 | third-party-advisory, x_refsource_SECUNIA | |
| http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/01/27/20 | mailing-list, x_refsource_MLIST | |
| http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62899"
},
{
"name": "DSA-3145",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3145"
},
{
"name": "62775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62775"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297\u0026r2=1.298"
},
{
"name": "openSUSE-SU-2015:0230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-12T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62899"
},
{
"name": "DSA-3145",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3145"
},
{
"name": "62775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62775"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297\u0026r2=1.298"
},
{
"name": "openSUSE-SU-2015:0230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62899"
},
{
"name": "DSA-3145",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3145"
},
{
"name": "62775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62775"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297\u0026r2=1.298",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297\u0026r2=1.298"
},
{
"name": "openSUSE-SU-2015:0230",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1382",
"datePublished": "2015-02-03T16:00:00",
"dateReserved": "2015-01-27T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1380
Vulnerability from cvelistv5
Published
2015-02-03 16:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/01/26/4 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/62899 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/72355 | vdb-entry, x_refsource_BID | |
| http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup | x_refsource_CONFIRM | |
| http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | x_refsource_CONFIRM | |
| http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433&r2=1.434 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/01/27/20 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62899"
},
{
"name": "72355",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433\u0026r2=1.434"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"name": "openSUSE-SU-2015:0230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62899"
},
{
"name": "72355",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433\u0026r2=1.434"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"name": "openSUSE-SU-2015:0230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62899"
},
{
"name": "72355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72355"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433\u0026r2=1.434",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433\u0026r2=1.434"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"name": "openSUSE-SU-2015:0230",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1380",
"datePublished": "2015-02-03T16:00:00",
"dateReserved": "2015-01-27T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20272
Vulnerability from cvelistv5
Published
2021-03-09 13:10
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1936651 | x_refsource_MISC | |
| https://www.privoxy.org/announce.txt | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936651"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "privoxy 3.0.32"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:45",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936651"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "privoxy 3.0.32"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-617"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1936651",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936651"
},
{
"name": "https://www.privoxy.org/announce.txt",
"refsource": "MISC",
"url": "https://www.privoxy.org/announce.txt"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20272",
"datePublished": "2021-03-09T13:10:39",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44543
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C | x_refsource_MISC | |
| https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=0e668e9409c | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=0e668e9409c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T19:48:44",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=0e668e9409c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-44543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.33"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,"
},
{
"name": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0e668e9409c",
"refsource": "MISC",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0e668e9409c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-44543",
"datePublished": "2021-12-23T19:48:44",
"dateReserved": "2021-12-03T00:00:00",
"dateUpdated": "2024-08-04T04:25:16.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20209
Vulnerability from cvelistv5
Published
2021-05-25 19:34
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | x_refsource_MISC | |
| https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c62254a686 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1928726 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c62254a686"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928726"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 3.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:43",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c62254a686"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928726"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "before 3.0.29"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c62254a686",
"refsource": "MISC",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c62254a686"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928726",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928726"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20209",
"datePublished": "2021-05-25T19:34:09",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20217
Vulnerability from cvelistv5
Published
2021-03-25 18:57
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1923252 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923252"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "privoxy 3.0.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:07:05",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923252"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "privoxy 3.0.31"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-617"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1923252",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923252"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20217",
"datePublished": "2021-03-25T18:57:55",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1030
Vulnerability from cvelistv5
Published
2015-01-20 15:00
Modified
2024-08-06 04:33
Severity ?
EPSS score ?
Summary
Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/62123 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2015/01/11/1 | mailing-list, x_refsource_MLIST | |
| http://www.privoxy.org/announce.txt | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:19.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62123"
},
{
"name": "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-20T14:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62123"
},
{
"name": "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62123"
},
{
"name": "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/1"
},
{
"name": "http://www.privoxy.org/announce.txt",
"refsource": "CONFIRM",
"url": "http://www.privoxy.org/announce.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1030",
"datePublished": "2015-01-20T15:00:00",
"dateReserved": "2015-01-10T00:00:00",
"dateUpdated": "2024-08-06T04:33:19.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20213
Vulnerability from cvelistv5
Published
2021-03-25 18:57
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.privoxy.org/3.0.29/user-manual/whatsnew.html | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1928739 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202107-16 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928739"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:49",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928739"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.29"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928739",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928739"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20213",
"datePublished": "2021-03-25T18:57:26",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202112-1037
Vulnerability from variot
A memory leak vulnerability was found in Privoxy when handling errors. Privoxy Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. Privoxy is a proxy server of the Privoxy team in the United States that does not cache web pages and has its own filtering function. It features advanced filtering to enhance privacy, modify web page data and HTTP headers, control access, and remove ads and other annoying Internet junk. Privoxy has flexible configurations and can be customized according to individual needs. It is suitable for stand-alone systems and multi-user networks.
There is an input validation error vulnerability in Privoxy, which is caused by the fact that the send_http_request of the product does not validate the input data effectively. An attacker could use this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1037",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "privoxy",
"scope": "lt",
"trust": 1.6,
"vendor": "privoxy",
"version": "3.0.33"
},
{
"model": "privoxy",
"scope": null,
"trust": 0.8,
"vendor": "privoxy developers",
"version": null
},
{
"model": "privoxy",
"scope": "eq",
"trust": 0.8,
"vendor": "privoxy developers",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.33",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44542"
}
]
},
"cve": "CVE-2021-44542",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-44542",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-08930",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-44542",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-44542",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-08930",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-828",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-44542",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A memory leak vulnerability was found in Privoxy when handling errors. Privoxy Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. Privoxy is a proxy server of the Privoxy team in the United States that does not cache web pages and has its own filtering function. It features advanced filtering to enhance privacy, modify web page data and HTTP headers, control access, and remove ads and other annoying Internet junk. Privoxy has flexible configurations and can be customized according to individual needs. It is suitable for stand-alone systems and multi-user networks. \n\r\n\r\nThere is an input validation error vulnerability in Privoxy, which is caused by the fact that the send_http_request of the product does not validate the input data effectively. An attacker could use this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-44542",
"trust": 3.9
},
{
"db": "CS-HELP",
"id": "SB2021121013",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-08930",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-44542",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"id": "VAR-202112-1037",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
}
]
},
"last_update_date": "2023-12-18T12:55:18.772000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "send_http_request()",
"trust": 0.8,
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08"
},
{
"title": "Patch for Privoxy Input Validation Error Vulnerability (CNVD-2022-08930)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/318161"
},
{
"title": "Privoxy Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=176524"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-44542 log"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-401",
"trust": 1.0
},
{
"problemtype": "Lack of memory release after expiration (CWE-401) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44542"
},
{
"trust": 1.2,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121013"
},
{
"trust": 1.0,
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2c"
},
{
"trust": 1.0,
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3ba=commit%3bh=c48d1d6d08"
},
{
"trust": 0.7,
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08"
},
{
"trust": 0.6,
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/privoxy-four-vulnerabilities-37059"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"trust": 0.1,
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2021-44542"
},
{
"trust": 0.1,
"url": "http://seclists.org/oss-sec/2021/q4/148"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"date": "2021-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"date": "2022-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"date": "2021-12-23T20:15:12.043000",
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"date": "2021-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"date": "2021-12-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"date": "2022-12-21T04:53:00",
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"date": "2023-11-07T03:39:39.760000",
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"date": "2022-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Privoxy\u00a0 Vulnerability regarding lack of memory release after expiration in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
],
"trust": 0.6
}
}