Debian Privoxy vulnerabilities
29 known vulnerabilities affecting debian/privoxy.
Total CVEs: 29
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 21, MEDIUM 5, LOW 3
Vulnerabilities
Page 2 of 2
CVE-2016-1983 | HIGH | CVSS 7.5 | fixed in privoxy 3.0.24-1 (bookworm) | 2016
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
Scope: local
bookworm: resolved (fixed in 3.0.24-1)
bullseye: resolved (fixed in 3.0.24-1)
forky: resolved (fixed in 3.0.24-1)
sid: resolved (fixed in 3.0.24-1)
trixie: resolved (fixed in 3.0.24-1)
CVE-2015-1031 | HIGH | CVSS 7.5 | fixed in privoxy 3.0.21-5 (bookworm) | 2015
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information.
Scope: local
bookworm: resolved (fixed in 3
CVE-2015-1381 | MEDIUM | CVSS 5.0 | fixed in privoxy 3.0.21-7 (bookworm) | 2015
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 3.0.21-7)
bullseye: resolved (fixed in 3.0.21-7)
forky: resolved (fixed in 3.0.21-7)
sid: resolved (fixed in 3.0.21-7)
trixie: resolve
CVE-2015-1030 | MEDIUM | CVSS 5.0 | fixed in privoxy 3.0.21-5 (bookworm) | 2015
Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.
Scope: local
bookworm: resolved (fixed in 3.0.21-5)
bullseye: resolved (fixed in 3.0.21-5)
forky: resolved (fixed in 3.0.2
CVE-2015-1380 | MEDIUM | CVSS 5.0 | fixed in privoxy 3.0.21-7 (bookworm) | 2015
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
Scope: local
bookworm: resolved (fixed in 3.0.21-7)
bullseye: resolved (fixed in 3.0.21-7)
forky: resolved (fixed in 3.0.21-7)
sid: resolved (fixed in 3.0.21-7)
trixie: resolved (fixed in 3.0.21-7)
CVE-2015-1382 | MEDIUM | CVSS 5.0 | fixed in privoxy 3.0.21-7 (bookworm) | 2015
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
Scope: local
bookworm: resolved (fixed in 3.0.21-7)
bullseye: resolved (fixed in 3.0.21-7)
forky: resolved (fixed in 3.0.21-7)
sid: resolved (fixed in 3.0.21-7)
trixie: resolved (fixed in 3.0.21-7)
CVE-2013-2503 | LOW | CVSS 5.8 | PoC | fixed in privoxy 3.0.21-1 (bookworm) | 2013
CVE-2013-2503 [MEDIUM] CVE-2013-2503: privoxy - Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Auth...
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
Scope: local
bookworm: resolved (fixed in 3.0.21-1)
bullseye: resolved (fixed in 3.0.21-1)
CVE-2005-1109 | LOW | CVSS 7.5 | 2005
CVE-2005-1109 [HIGH] CVE-2005-1109: privoxy - The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote attackers to c...
The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2005-1108 | LOW | CVSS 5.0 | 2005
CVE-2005-1108 [MEDIUM] CVE-2005-1108: privoxy - The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode ...
The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved