Privoxy 3.0.29

CPE Details

Privoxy 3.0.29
privoxy
privoxy
3.0.29
2021-05-28
15h00 +00:00
2021-06-03
11h44 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:privoxy:privoxy:3.0.29:*:*:*:*:*:*:*

Informations

Vendor

privoxy

Product

privoxy

Version

3.0.29

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-44543 2021-12-23 18h48 +00:00 An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.
6.1
Medium
CVE-2021-44542 2021-12-23 18h48 +00:00 A memory leak vulnerability was found in Privoxy when handling errors.
7.5
High
CVE-2021-44540 2021-12-23 18h48 +00:00 A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.
7.5
High
CVE-2021-44541 2021-12-23 18h48 +00:00 A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.
7.5
High
CVE-2021-20217 2021-03-25 17h57 +00:00 A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.
7.5
High
CVE-2021-20216 2021-03-25 17h57 +00:00 A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.
7.5
High
CVE-2021-20276 2021-03-09 12h12 +00:00 A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.
7.5
High
CVE-2021-20275 2021-03-09 12h12 +00:00 A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.
7.5
High
CVE-2021-20274 2021-03-09 12h11 +00:00 A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.
7.5
High
CVE-2021-20273 2021-03-09 12h11 +00:00 A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.
7.5
High
CVE-2021-20272 2021-03-09 12h10 +00:00 A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.