Vulnerabilities > Privoxy > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-23 | CVE-2021-44543 | Cross-site Scripting vulnerability in Privoxy An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself. | 6.1 |
| 2021-03-25 | CVE-2021-20213 | NULL Pointer Dereference vulnerability in Privoxy A flaw was found in Privoxy in versions before 3.0.29. | 4.3 |
| 2021-03-09 | CVE-2021-20276 | A flaw was found in privoxy before 3.0.32. | 5.0 |
| 2021-03-09 | CVE-2021-20275 | Out-of-bounds Read vulnerability in multiple products A flaw was found in privoxy before 3.0.32. | 5.0 |
| 2021-03-09 | CVE-2021-20274 | NULL Pointer Dereference vulnerability in Privoxy A flaw was found in privoxy before 3.0.32. | 5.0 |
| 2021-03-09 | CVE-2021-20273 | Improper Input Validation vulnerability in multiple products A flaw was found in privoxy before 3.0.32. | 5.0 |
| 2021-03-09 | CVE-2021-20272 | Reachable Assertion vulnerability in multiple products A flaw was found in privoxy before 3.0.32. | 5.0 |
| 2016-01-27 | CVE-2016-1983 | Improper Input Validation vulnerability in Privoxy The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. | 5.0 |
| 2016-01-27 | CVE-2016-1982 | Improper Input Validation vulnerability in Privoxy The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. | 5.0 |
| 2015-02-03 | CVE-2015-1382 | Improper Input Validation vulnerability in multiple products parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. | 5.0 |