threatengine.sh
privoxy
29 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2021-44543
< 3.0.33
An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encoding the template name when Privoxy is c
6.1
MEDIUM
CVE-2021-44542
< 3.0.33
A memory leak vulnerability was found in Privoxy when handling errors.
7.5
HIGH
CVE-2021-44541
< 3.0.33
A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing
7.5
HIGH
CVE-2021-44540
< 3.0.33
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bai
7.5
HIGH
CVE-2021-20209
< 3.0.29
A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured.
7.5
HIGH
CVE-2021-20217
< 3.0.31
A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial
7.5
HIGH
CVE-2021-20216
< 3.0.31
A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to
7.5
HIGH
CVE-2021-20215
< 3.0.29
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail ca
7.5
HIGH
CVE-2021-20214
< 3.0.29
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured
7.5
HIGH
CVE-2021-20213
< 3.0.29
A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-interc
7.5
HIGH
CVE-2021-20212
< 3.0.29
A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped du
7.5
HIGH
CVE-2021-20211
< 3.0.29
A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.
7.5
HIGH
CVE-2021-20210
< 3.0.29
A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configu
7.5
HIGH
CVE-2020-35502
< 3.0.29
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or
7.5
HIGH
CVE-2021-20276
< 3.0.32
A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to deni
7.5
HIGH
CVE-2021-20275
< 3.0.32
A flaw was found in privoxy before 3.0.32. An invalid read of size two may occur in chunked_body_is_complete() leading to denial of
7.5
HIGH
CVE-2021-20274
< 3.0.32
A flaw was found in privoxy before 3.0.32. A crash may occur due to a NULL-pointer dereference when the socks server misbehaves.
7.5
HIGH
CVE-2021-20273
< 3.0.32
A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.
7.5
HIGH
CVE-2021-20272
< 3.0.32
A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server cr
7.5
HIGH
CVE-2019-3699
< 3.0.28-lp151.1.1
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attac
7.7
HIGH
CVE-2016-1983
<= 3.0.23
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read
7.5
HIGH
CVE-2016-1982
<= 3.0.23
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of ser
7.5
HIGH
CVE-2015-1031
<= 3.0.21
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors rel
CVE-2015-1382
<= 3.0.22
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors relat
CVE-2015-1381
<= 3.0.22
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segme
CVE-2015-1380
<= 3.0.22
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
CVE-2015-1201
<= 3.0.21
Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors.
CVE-2015-1030
<= 3.0.21
Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of
CVE-2013-2503
<= 3.0.20
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin