Shodan
Vulnerabilities
Vulnerable Software
Privoxy:  >> Privoxy  >> 3.0.13  Security Vulnerabilities
CVE-2016-1983
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
CVSS Score
7.5
EPSS Score
0.018
Published
2016-01-27
CVE-2016-1982
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
CVSS Score
7.5
EPSS Score
0.018
Published
2016-01-27
CVE-2015-1031
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information.
CVSS Score
7.5
EPSS Score
0.007
Published
2015-02-10
CVE-2015-1382
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
CVSS Score
5.0
EPSS Score
0.022
Published
2015-02-03
CVE-2015-1381
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.022
Published
2015-02-03
CVE-2015-1380
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
CVSS Score
5.0
EPSS Score
0.01
Published
2015-02-03
CVE-2015-1201
Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
5.0
EPSS Score
0.005
Published
2015-01-20
CVE-2015-1030
Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.
CVSS Score
5.0
EPSS Score
0.005
Published
2015-01-20
CVE-2013-2503
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
CVSS Score
5.8
EPSS Score
0.02
Published
2013-03-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved