Search criteria
29 vulnerabilities by privoxy
CVE-2021-44543 (GCVE-0-2021-44543)
Vulnerability from cvelistv5 – Published: 2021-12-23 19:48 – Updated: 2024-08-04 04:25
VLAI?
Summary
An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=0e668e9409c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T19:48:44",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=0e668e9409c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-44543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.33"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,"
},
{
"name": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0e668e9409c",
"refsource": "MISC",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0e668e9409c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-44543",
"datePublished": "2021-12-23T19:48:44",
"dateReserved": "2021-12-03T00:00:00",
"dateUpdated": "2024-08-04T04:25:16.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44542 (GCVE-0-2021-44542)
Vulnerability from cvelistv5 – Published: 2021-12-23 19:48 – Updated: 2024-08-04 04:25
VLAI?
Summary
A memory leak vulnerability was found in Privoxy when handling errors.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c48d1d6d08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory leak vulnerability was found in Privoxy when handling errors."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T19:48:43",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c48d1d6d08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-44542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.33"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak vulnerability was found in Privoxy when handling errors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,"
},
{
"name": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08",
"refsource": "MISC",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-44542",
"datePublished": "2021-12-23T19:48:43",
"dateReserved": "2021-12-03T00:00:00",
"dateUpdated": "2024-08-04T04:25:16.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44540 (GCVE-0-2021-44540)
Vulnerability from cvelistv5 – Published: 2021-12-23 19:48 – Updated: 2024-08-04 04:25
VLAI?
Summary
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T19:48:42",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-44540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.33"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,"
},
{
"name": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb0",
"refsource": "MISC",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-44540",
"datePublished": "2021-12-23T19:48:42",
"dateReserved": "2021-12-03T00:00:00",
"dateUpdated": "2024-08-04T04:25:16.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44541 (GCVE-0-2021-44541)
Vulnerability from cvelistv5 – Published: 2021-12-23 19:48 – Updated: 2024-08-04 04:25
VLAI?
Summary
A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T19:48:42",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=652b4b7cb0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-44541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.33"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,"
},
{
"name": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb0",
"refsource": "MISC",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-44541",
"datePublished": "2021-12-23T19:48:42",
"dateReserved": "2021-12-03T00:00:00",
"dateUpdated": "2024-08-04T04:25:16.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20209 (GCVE-0-2021-20209)
Vulnerability from cvelistv5 – Published: 2021-05-25 19:34 – Updated: 2024-08-03 17:30
VLAI?
Summary
A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c62254a686"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928726"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 3.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:43",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3Ba=commit%3Bh=c62254a686"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928726"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "before 3.0.29"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c62254a686",
"refsource": "MISC",
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c62254a686"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928726",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928726"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20209",
"datePublished": "2021-05-25T19:34:09",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20217 (GCVE-0-2021-20217)
Vulnerability from cvelistv5 – Published: 2021-03-25 18:57 – Updated: 2024-08-03 17:30
VLAI?
Summary
A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923252"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "privoxy 3.0.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:07:05",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923252"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "privoxy 3.0.31"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-617"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1923252",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923252"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20217",
"datePublished": "2021-03-25T18:57:55",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20216 (GCVE-0-2021-20216)
Vulnerability from cvelistv5 – Published: 2021-03-25 18:57 – Updated: 2024-08-03 17:30
VLAI?
Summary
A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923256"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/01/31/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "privoxy 3.0.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:07:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923256"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/01/31/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "privoxy 3.0.31"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1923256",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923256"
},
{
"name": "https://www.openwall.com/lists/oss-security/2021/01/31/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/01/31/2"
},
{
"name": "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20216",
"datePublished": "2021-03-25T18:57:49",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20215 (GCVE-0-2021-20215)
Vulnerability from cvelistv5 – Published: 2021-03-25 18:57 – Updated: 2024-08-03 17:30
VLAI?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928746"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:39",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928746"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.29"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928746",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928746"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20215",
"datePublished": "2021-03-25T18:57:41",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20214 (GCVE-0-2021-20214)
Vulnerability from cvelistv5 – Published: 2021-03-25 18:57 – Updated: 2024-08-03 17:30
VLAI?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928742"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:36",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928742"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.29"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928742",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928742"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20214",
"datePublished": "2021-03-25T18:57:34",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20213 (GCVE-0-2021-20213)
Vulnerability from cvelistv5 – Published: 2021-03-25 18:57 – Updated: 2024-08-03 17:30
VLAI?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928739"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:49",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928739"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.29"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928739",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928739"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20213",
"datePublished": "2021-03-25T18:57:26",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20212 (GCVE-0-2021-20212)
Vulnerability from cvelistv5 – Published: 2021-03-25 18:57 – Updated: 2024-08-03 17:30
VLAI?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928736"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:41",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928736"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.29"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928736",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928736"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20212",
"datePublished": "2021-03-25T18:57:16",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20211 (GCVE-0-2021-20211)
Vulnerability from cvelistv5 – Published: 2021-03-25 18:57 – Updated: 2024-08-03 17:30
VLAI?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928733"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:56",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928733"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.29"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928733",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928733"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20211",
"datePublished": "2021-03-25T18:57:08",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20210 (GCVE-0-2021-20210)
Vulnerability from cvelistv5 – Published: 2021-03-25 18:57 – Updated: 2024-08-03 17:30
VLAI?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928729"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:54",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928729"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.29"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928729",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928729"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20210",
"datePublished": "2021-03-25T18:57:02",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35502 (GCVE-0-2020-35502)
Vulnerability from cvelistv5 – Published: 2021-03-25 18:56 – Updated: 2024-08-04 17:02
VLAI?
Summary
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928749"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Privoxy 3.0.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:51",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928749"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "Privoxy 3.0.29"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928749",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928749"
},
{
"name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html",
"refsource": "MISC",
"url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35502",
"datePublished": "2021-03-25T18:56:55",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20276 (GCVE-0-2021-20276)
Vulnerability from cvelistv5 – Published: 2021-03-09 13:12 – Updated: 2024-08-03 17:37
VLAI?
Summary
A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936668"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "privoxy 3.0.32"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:47",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936668"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "privoxy 3.0.32"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/announce.txt",
"refsource": "MISC",
"url": "https://www.privoxy.org/announce.txt"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1936668",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936668"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20276",
"datePublished": "2021-03-09T13:12:35",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20275 (GCVE-0-2021-20275)
Vulnerability from cvelistv5 – Published: 2021-03-09 13:12 – Updated: 2024-08-03 17:37
VLAI?
Summary
A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936666"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "privoxy 3.0.32"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:07:03",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936666"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "privoxy 3.0.32"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/announce.txt",
"refsource": "MISC",
"url": "https://www.privoxy.org/announce.txt"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1936666",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936666"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20275",
"datePublished": "2021-03-09T13:12:05",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20274 (GCVE-0-2021-20274)
Vulnerability from cvelistv5 – Published: 2021-03-09 13:11 – Updated: 2024-08-03 17:37
VLAI?
Summary
A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936662"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "privoxy 3.0.32"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:58",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936662"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "privoxy 3.0.32"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/announce.txt",
"refsource": "MISC",
"url": "https://www.privoxy.org/announce.txt"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1936662",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936662"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20274",
"datePublished": "2021-03-09T13:11:46",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20273 (GCVE-0-2021-20273)
Vulnerability from cvelistv5 – Published: 2021-03-09 13:11 – Updated: 2024-08-03 17:37
VLAI?
Summary
A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936658"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "privoxy 3.0.32"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:07:07",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936658"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "privoxy 3.0.32"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.privoxy.org/announce.txt",
"refsource": "MISC",
"url": "https://www.privoxy.org/announce.txt"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1936658",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936658"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20273",
"datePublished": "2021-03-09T13:11:17",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20272 (GCVE-0-2021-20272)
Vulnerability from cvelistv5 – Published: 2021-03-09 13:10 – Updated: 2024-08-03 17:37
VLAI?
Summary
A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936651"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "privoxy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "privoxy 3.0.32"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T06:06:45",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936651"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.privoxy.org/announce.txt"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "privoxy",
"version": {
"version_data": [
{
"version_value": "privoxy 3.0.32"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-617"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1936651",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936651"
},
{
"name": "https://www.privoxy.org/announce.txt",
"refsource": "MISC",
"url": "https://www.privoxy.org/announce.txt"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html"
},
{
"name": "GLSA-202107-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20272",
"datePublished": "2021-03-09T13:10:39",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3699 (GCVE-0-2019-3699)
Vulnerability from cvelistv5 – Published: 2020-01-24 12:25 – Updated: 2024-09-16 21:02
VLAI?
Title
Local privilege escalation from user privoxy to root
Summary
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions.
Severity ?
7.7 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Johannes Segitz of SUSE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:17.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157449"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Leap 15.1",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "3.0.28-lp151.1.1",
"status": "affected",
"version": "privoxy",
"versionType": "custom"
}
]
},
{
"product": "Factory",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "3.0.28-2.1",
"status": "affected",
"version": "privoxy",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Johannes Segitz of SUSE"
}
],
"datePublic": "2020-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-20T15:45:08",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157449"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1157449",
"defect": [
"1157449"
],
"discovery": "INTERNAL"
},
"title": "Local privilege escalation from user privoxy to root",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-01-24T00:00:00.000Z",
"ID": "CVE-2019-3699",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation from user privoxy to root"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Leap 15.1",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "privoxy",
"version_value": "3.0.28-lp151.1.1"
}
]
}
},
{
"product_name": "Factory",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "privoxy",
"version_value": "3.0.28-2.1"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Johannes Segitz of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1157449",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157449"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1157449",
"defect": [
"1157449"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2019-3699",
"datePublished": "2020-01-24T12:25:12.967744Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T21:02:19.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1983 (GCVE-0-2016-1983)
Vulnerability from cvelistv5 – Published: 2016-01-27 20:00 – Updated: 2024-08-05 23:17
VLAI?
Summary
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:49.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3460"
},
{
"name": "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/3"
},
{
"name": "[oss-security] 20160121 CVE request for Privoxy 3.0.24",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/21/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302\u0026r2=1.303"
},
{
"name": "FEDORA-2016-bc7acd24c6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html"
},
{
"name": "FEDORA-2016-29995fbd42",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3460"
},
{
"name": "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/3"
},
{
"name": "[oss-security] 20160121 CVE request for Privoxy 3.0.24",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/21/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302\u0026r2=1.303"
},
{
"name": "FEDORA-2016-bc7acd24c6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html"
},
{
"name": "FEDORA-2016-29995fbd42",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3460",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3460"
},
{
"name": "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/3"
},
{
"name": "[oss-security] 20160121 CVE request for Privoxy 3.0.24",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/21/4"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302\u0026r2=1.303",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302\u0026r2=1.303"
},
{
"name": "FEDORA-2016-bc7acd24c6",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html"
},
{
"name": "FEDORA-2016-29995fbd42",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html"
},
{
"name": "http://www.privoxy.org/announce.txt",
"refsource": "CONFIRM",
"url": "http://www.privoxy.org/announce.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1983",
"datePublished": "2016-01-27T20:00:00",
"dateReserved": "2016-01-21T00:00:00",
"dateUpdated": "2024-08-05T23:17:49.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1982 (GCVE-0-2016-1982)
Vulnerability from cvelistv5 – Published: 2016-01-27 20:00 – Updated: 2024-08-05 23:17
VLAI?
Summary
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3460"
},
{
"name": "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/3"
},
{
"name": "[oss-security] 20160121 CVE request for Privoxy 3.0.24",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/21/4"
},
{
"name": "FEDORA-2016-bc7acd24c6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html"
},
{
"name": "FEDORA-2016-29995fbd42",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3460",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3460"
},
{
"name": "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/3"
},
{
"name": "[oss-security] 20160121 CVE request for Privoxy 3.0.24",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/21/4"
},
{
"name": "FEDORA-2016-bc7acd24c6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html"
},
{
"name": "FEDORA-2016-29995fbd42",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3460",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3460"
},
{
"name": "[oss-security] 20160121 Re: CVE request for Privoxy 3.0.24",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/3"
},
{
"name": "[oss-security] 20160121 CVE request for Privoxy 3.0.24",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/21/4"
},
{
"name": "FEDORA-2016-bc7acd24c6",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html"
},
{
"name": "FEDORA-2016-29995fbd42",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html"
},
{
"name": "http://www.privoxy.org/announce.txt",
"refsource": "CONFIRM",
"url": "http://www.privoxy.org/announce.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1982",
"datePublished": "2016-01-27T20:00:00",
"dateReserved": "2016-01-21T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1031 (GCVE-0-2015-1031)
Vulnerability from cvelistv5 – Published: 2015-02-10 19:00 – Updated: 2024-08-06 04:33
VLAI?
Summary
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:19.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3133"
},
{
"name": "62123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62123"
},
{
"name": "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) \"two additional unconfirmed use-after-free complaints made by Coverity scan.\" NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-19T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3133"
},
{
"name": "62123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62123"
},
{
"name": "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) \"two additional unconfirmed use-after-free complaints made by Coverity scan.\" NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3133"
},
{
"name": "62123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62123"
},
{
"name": "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/1"
},
{
"name": "http://www.privoxy.org/announce.txt",
"refsource": "CONFIRM",
"url": "http://www.privoxy.org/announce.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1031",
"datePublished": "2015-02-10T19:00:00",
"dateReserved": "2015-01-10T00:00:00",
"dateUpdated": "2024-08-06T04:33:19.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1382 (GCVE-0-2015-1382)
Vulnerability from cvelistv5 – Published: 2015-02-03 16:00 – Updated: 2024-08-06 04:40
VLAI?
Summary
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62899"
},
{
"name": "DSA-3145",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3145"
},
{
"name": "62775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62775"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297\u0026r2=1.298"
},
{
"name": "openSUSE-SU-2015:0230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-12T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62899"
},
{
"name": "DSA-3145",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3145"
},
{
"name": "62775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62775"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297\u0026r2=1.298"
},
{
"name": "openSUSE-SU-2015:0230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62899"
},
{
"name": "DSA-3145",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3145"
},
{
"name": "62775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62775"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297\u0026r2=1.298",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297\u0026r2=1.298"
},
{
"name": "openSUSE-SU-2015:0230",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1382",
"datePublished": "2015-02-03T16:00:00",
"dateReserved": "2015-01-27T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1381 (GCVE-0-2015-1381)
Vulnerability from cvelistv5 – Published: 2015-02-03 16:00 – Updated: 2024-08-06 04:40
VLAI?
Summary
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62899"
},
{
"name": "DSA-3145",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3145"
},
{
"name": "62775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62775"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46\u0026r2=1.47"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"name": "openSUSE-SU-2015:0230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-12T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62899"
},
{
"name": "DSA-3145",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3145"
},
{
"name": "62775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62775"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46\u0026r2=1.47"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"name": "openSUSE-SU-2015:0230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62899"
},
{
"name": "DSA-3145",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3145"
},
{
"name": "62775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62775"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46\u0026r2=1.47",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46\u0026r2=1.47"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"name": "openSUSE-SU-2015:0230",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1381",
"datePublished": "2015-02-03T16:00:00",
"dateReserved": "2015-01-27T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1380 (GCVE-0-2015-1380)
Vulnerability from cvelistv5 – Published: 2015-02-03 16:00 – Updated: 2024-08-06 04:40
VLAI?
Summary
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62899"
},
{
"name": "72355",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433\u0026r2=1.434"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"name": "openSUSE-SU-2015:0230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62899"
},
{
"name": "72355",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433\u0026r2=1.434"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"name": "openSUSE-SU-2015:0230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62899"
},
{
"name": "72355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72355"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197\u0026view=markup"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433\u0026r2=1.434",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/currentjcc.c/?r1=1.433\u0026r2=1.434"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"name": "openSUSE-SU-2015:0230",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1380",
"datePublished": "2015-02-03T16:00:00",
"dateReserved": "2015-01-27T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1201 (GCVE-0-2015-1201)
Vulnerability from cvelistv5 – Published: 2015-01-20 15:00 – Updated: 2024-09-16 19:40
VLAI?
Summary
Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62123"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-20T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62123"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62123"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1201",
"datePublished": "2015-01-20T15:00:00Z",
"dateReserved": "2015-01-20T00:00:00Z",
"dateUpdated": "2024-09-16T19:40:41.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1030 (GCVE-0-2015-1030)
Vulnerability from cvelistv5 – Published: 2015-01-20 15:00 – Updated: 2024-08-06 04:33
VLAI?
Summary
Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:19.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62123"
},
{
"name": "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-20T14:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62123"
},
{
"name": "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.privoxy.org/announce.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62123"
},
{
"name": "[oss-security] 20150110 Re: CVE Request for Privoxy Version: 3.0.22",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/1"
},
{
"name": "http://www.privoxy.org/announce.txt",
"refsource": "CONFIRM",
"url": "http://www.privoxy.org/announce.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1030",
"datePublished": "2015-01-20T15:00:00",
"dateReserved": "2015-01-10T00:00:00",
"dateUpdated": "2024-08-06T04:33:19.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2503 (GCVE-0-2013-2503)
Vulnerability from cvelistv5 – Published: 2013-03-11 17:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188\u0026view=markup"
},
{
"name": "openSUSE-SU-2013:0564",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00118.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-11T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188\u0026view=markup"
},
{
"name": "openSUSE-SU-2013:0564",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00118.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/",
"refsource": "MISC",
"url": "http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188\u0026view=markup",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188\u0026view=markup"
},
{
"name": "openSUSE-SU-2013:0564",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00118.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2503",
"datePublished": "2013-03-11T17:00:00",
"dateReserved": "2013-03-07T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}