Vulnerabilities > Privoxy

DATE CVE VULNERABILITY TITLE RISK
2016-01-27 CVE-2016-1983 Improper Input Validation vulnerability in Privoxy
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
network
low complexity
privoxy CWE-20
5.0
2016-01-27 CVE-2016-1982 Improper Input Validation vulnerability in Privoxy
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
network
low complexity
privoxy CWE-20
5.0
2015-02-10 CVE-2015-1031 Use After Free Remote Code Execution vulnerability in Privoxy
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information.
network
low complexity
privoxy
7.5
2015-02-03 CVE-2015-1382 Improper Input Validation vulnerability in multiple products
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
network
low complexity
debian privoxy opensuse CWE-20
5.0
2015-02-03 CVE-2015-1381 Resource Management Errors vulnerability in multiple products
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.
network
low complexity
opensuse debian privoxy CWE-399
5.0
2015-02-03 CVE-2015-1380 Improper Input Validation vulnerability in multiple products
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
network
low complexity
privoxy oracle opensuse CWE-20
5.0
2015-01-20 CVE-2015-1201 Remote Denial of Service vulnerability in Privoxy
Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors.
network
low complexity
privoxy
5.0
2015-01-20 CVE-2015-1030 Resource Management Errors vulnerability in Privoxy
Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.
network
low complexity
privoxy CWE-399
5.0
2013-03-11 CVE-2013-2503 Improper Input Validation vulnerability in Privoxy
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
network
privoxy CWE-20
5.8