CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2016-1982 – Debian Security Advisory 3460-1
https://notcve.org/view.php?id=CVE-2016-1982
27 Jan 2016 — The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. La función remove_chunked_transfer_coding en filters.c en Privoxy en versiones anteriores a 3.0.24 permite a atacantes remotos causar una denegación de servicio (lectura no válida y caída) a través de contenido fragmentado-codificado manipulado. It was discovered that privoxy, a web proxy with advanced filtering cap... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2016-1983 – Debian Security Advisory 3460-1
https://notcve.org/view.php?id=CVE-2016-1983
27 Jan 2016 — The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. La función client_host en parsers.c en Privoxy en versiones anteriores a 3.0.24 permite a atacantes remotos causar una denegación de servicio (lectura no válida y caída) a través de una cabecera HTTP Host vacía. It was discovered that privoxy, a web proxy with advanced filtering capabilities, contained invalid reads that could enable a re... • http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2015-1380
https://notcve.org/view.php?id=CVE-2015-1380
03 Feb 2015 — jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. jcc.c en Privoxy anterior a 3.0.23 permite a atacantes remotos causar una denegación de servicio (abortar) a través de un cuerpo de fragmentos codificados. • http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 0CVE-2015-1381 – Debian Security Advisory 3145-1
https://notcve.org/view.php?id=CVE-2015-1381
30 Jan 2015 — Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. Múltiples vulnerabilidades no especificadas en pcrs.c en Privoxy anterior a 3.0.23 permiten a atacantes remotos causar una denegación de servicio (fallo de segmentación o consumo de memoria) a través de vectores no especificados. Multiple vulnerabilities were discovered in Privoxy, a privacy enhancing HTTP proxy, which... • http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2015-1382 – Debian Security Advisory 3145-1
https://notcve.org/view.php?id=CVE-2015-1382
30 Jan 2015 — parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. parsers.c en Privoxy anterior a 3.0.23 permite a atacantes remotos causar una denegación de servicio (lectura inválida y caída) a través de vectores relacionados con una cabecera de tiempos de HTTP. Multiple vulnerabilities were discovered in Privoxy, a privacy enhancing HTTP proxy, which might result in denial of service. • http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1201
https://notcve.org/view.php?id=CVE-2015-1201
20 Jan 2015 — Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Privoxy anterior a 3.0.22 permite a atacantes remotos causar una denegación de servicio (consumo del descriptor de ficheros) a través de vectores no especificados. NOTA: el origen de esta información es desconocido; los detalles se obtienen únicamente de información ... • http://secunia.com/advisories/62123 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1030
https://notcve.org/view.php?id=CVE-2015-1030
20 Jan 2015 — Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached. Fuga de memoria en la función rfc2553_connect_to en jbsocket.c en Privoxy anterior a 3.0.22 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un número grande de solicitudes que son rechazadas porque se ha alcanzado el lí... • http://secunia.com/advisories/62123 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1031 – Debian Security Advisory 3133-1
https://notcve.org/view.php?id=CVE-2015-1031
20 Jan 2015 — Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de uso después de liberación en Privoxy anterior a 3.0.22 permiten a atacantes remotos tener un impacto no especificado a través de vectores relacionados con ... • http://secunia.com/advisories/62123 •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 2CVE-2013-2503 – Privoxy Proxy - Authentication Information Disclosure
https://notcve.org/view.php?id=CVE-2013-2503
11 Mar 2013 — Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code. Privoxy anterior a v3.0.21 no maneja adecuadamente las cabeceras Proxy-Authenticate y Proxy-Authorization en el flujo de datos del cliente, lo que facilita a servidores remotoso HTTP suplantar el servicio proxy establecido a través de... • https://www.exploit-db.com/exploits/38377 • CWE-20: Improper Input Validation •