CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1031
https://notcve.org/view.php?id=CVE-2015-1031
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de uso después de liberación en Privoxy anterior a 3.0.22 permiten a atacantes remotos tener un impacto no especificado a través de vectores relacionados con (1) la función unmap en list.c o (2) 'las dos quejas adicionales de uso después de liberación no confirmado realizadas por Coverity scan.' NOTA: algunos de estos detalles se obtienen de información de terceras partes. • http://secunia.com/advisories/62123 http://www.debian.org/security/2015/dsa-3133 http://www.openwall.com/lists/oss-security/2015/01/11/1 http://www.privoxy.org/announce.txt •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1030
https://notcve.org/view.php?id=CVE-2015-1030
Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached. Fuga de memoria en la función rfc2553_connect_to en jbsocket.c en Privoxy anterior a 3.0.22 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un número grande de solicitudes que son rechazadas porque se ha alcanzado el límite del socket. • http://secunia.com/advisories/62123 http://www.openwall.com/lists/oss-security/2015/01/11/1 http://www.privoxy.org/announce.txt • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1201
https://notcve.org/view.php?id=CVE-2015-1201
Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Privoxy anterior a 3.0.22 permite a atacantes remotos causar una denegación de servicio (consumo del descriptor de ficheros) a través de vectores no especificados. NOTA: el origen de esta información es desconocido; los detalles se obtienen únicamente de información de terceras partes. • http://secunia.com/advisories/62123 •
CVSS: 5.8EPSS: 1%CPEs: 31EXPL: 2CVE-2013-2503 – Privoxy Proxy - Authentication Information Disclosure
https://notcve.org/view.php?id=CVE-2013-2503
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code. Privoxy anterior a v3.0.21 no maneja adecuadamente las cabeceras Proxy-Authenticate y Proxy-Authorization en el flujo de datos del cliente, lo que facilita a servidores remotoso HTTP suplantar el servicio proxy establecido a través de un código de estado 407 (Aka Proxy Authentication Required) Privoxy version 3.0.20-1 suffers from an authentication credential exposure vulnerability. • https://www.exploit-db.com/exploits/38377 http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503 http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup http://lists.opensuse.org/opensuse-updates/2013-03/msg00118.html • CWE-20: Improper Input Validation •