CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20215 – Ubuntu Security Notice USN-4886-1
https://notcve.org/view.php?id=CVE-2021-20215
23 Mar 2021 — A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash. Se encontró un fallo en Privoxy en versiones anteriores a 3.0.29. Unas pérdidas de memoria en el manejador CGI show-status cuando un fallo de las asignaciones de memoria puede conllevar a un bloqueo del sistema It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or o... • https://bugzilla.redhat.com/show_bug.cgi?id=1928746 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20214 – Ubuntu Security Notice USN-4886-1
https://notcve.org/view.php?id=CVE-2021-20214
23 Mar 2021 — A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash. Se encontró un fallo en Privoxy en versiones anteriores a 3.0.29. Unas pérdidas de memoria en el manejador CGI de etiquetas de cliente cuando las etiquetas de cliente son configuradas y un fallo de las asignaciones de memoria puede conllevar a un bloqueo del sistema It was discovered that Privoxy incorrectly handled CG... • https://bugzilla.redhat.com/show_bug.cgi?id=1928742 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20216 – Ubuntu Security Notice USN-4886-1
https://notcve.org/view.php?id=CVE-2021-20216
23 Mar 2021 — A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en Privoxy en versiones anteriores a 3.0.31. Una pérdida de memoria ocurre cuando un fallo de descompresión inesperadamente puede conllevar a una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1923256 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20213 – Ubuntu Security Notice USN-4886-1
https://notcve.org/view.php?id=CVE-2021-20213
23 Mar 2021 — A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed. Se encontró un fallo en Privoxy en versiones anteriores a 3.0.29. Una desreferencia de un puntero NULL podría resultar en un bloqueo si se habilitaba accept-intercepted-requests, Privoxy falló en obtener el destino de la petición del encabezado del h... • https://bugzilla.redhat.com/show_bug.cgi?id=1928739 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20276 – Gentoo Linux Security Advisory 202107-16
https://notcve.org/view.php?id=CVE-2021-20276
09 Mar 2021 — A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service. Se encontró un fallo en privoxy versiones anteriores a 3.0.32. Un acceso a la memoria no válido con un patrón no válido pasado a la función pcre_compile() puede conllevar a una denegación de servicio Multiple vulnerabilities have been found in Privoxy, the worst of which could result in Denial of Service. Versions less than 3.0.32 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=1936668 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20275 – Ubuntu Security Notice USN-4886-1
https://notcve.org/view.php?id=CVE-2021-20275
09 Mar 2021 — A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service. Se encontró un fallo en privoxy versiones anteriores a 3.0.32. Una lectura no válida de tamaño dos puede ocurrir en la función chunked_body_is_complete() conllevando a una denegación de servicio It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. • https://bugzilla.redhat.com/show_bug.cgi?id=1936666 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20274 – Gentoo Linux Security Advisory 202107-16
https://notcve.org/view.php?id=CVE-2021-20274
09 Mar 2021 — A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves. Se encontró un fallo en privoxy versiones anteriores a 3.0.32. Puede ocurrir un bloqueo debido a una desreferencia del puntero NULL cuando el servidor socks se comporta inapropiadamente Multiple vulnerabilities have been found in Privoxy, the worst of which could result in Denial of Service. Versions less than 3.0.32 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=1936662 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20273 – Ubuntu Security Notice USN-4886-1
https://notcve.org/view.php?id=CVE-2021-20273
09 Mar 2021 — A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off. Se encontró un fallo en privoxy versiones anteriores a 3.0.32. Se puede presentar un bloqueo por medio de una petición CGI diseñada si Privoxy está desactivado It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. • https://bugzilla.redhat.com/show_bug.cgi?id=1936658 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20272 – Ubuntu Security Notice USN-4886-1
https://notcve.org/view.php?id=CVE-2021-20272
09 Mar 2021 — A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash. Se encontró un fallo en privoxy versiones anteriores a 3.0.32. Se podría desencadenar un fallo de aserción con una petición CGI diseñada conllevando a un bloqueo del servidor It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. • https://bugzilla.redhat.com/show_bug.cgi?id=1936651 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-3699 – Local privilege escalation from user privoxy to root
https://notcve.org/view.php?id=CVE-2019-3699
24 Jan 2020 — UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions. Una vulnerabilidad de tipo UNIX Symbolic Link (Symlink) Following en el empaquetado de privoxy en openSUSE Leap versión 15.1, Factory permite a atacantes locales escalar desde un usu... • https://bugzilla.suse.com/show_bug.cgi?id=1157449 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •