彙總 privoxy 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 輸入驗證問題、緩衝區溢位、記憶體損壞與跨站腳本,在 軟體部署與生產負載 使用場景中可能帶來 記憶體損壞、檔案覆寫與工作階段劫持 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2021-44543 | An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself. | [email protected] | 6.1 | 0.79% | 2021-12-23 | 2026-06-17 |
| CVE-2021-44542 | A memory leak vulnerability was found in Privoxy when handling errors. | [email protected] | 7.5 | 1.21% | 2021-12-23 | 2026-06-17 |
| CVE-2021-44541 | A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination. | [email protected] | 7.5 | 1.39% | 2021-12-23 | 2026-06-17 |
| CVE-2021-44540 | A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. | [email protected] | 7.5 | 1.30% | 2021-12-23 | 2026-06-17 |
| CVE-2021-20209 | A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured. | [email protected] | 7.5 | 1.90% | 2021-05-25 | 2026-06-16 |
| CVE-2021-20217 | A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability. | [email protected] | 7.5 | 1.37% | 2021-03-25 | 2026-06-16 |
| CVE-2021-20216 | A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability. | [email protected] | 7.5 | 2.28% | 2021-03-25 | 2026-06-16 |
| CVE-2021-20215 | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash. | [email protected] | 7.5 | 2.25% | 2021-03-25 | 2026-06-16 |
| CVE-2021-20214 | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash. | [email protected] | 7.5 | 2.02% | 2021-03-25 | 2026-06-16 |
| CVE-2021-20213 | A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed. | [email protected] | 7.5 | 1.57% | 2021-03-25 | 2026-06-16 |
| CVE-2021-20212 | A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash. | [email protected] | 7.5 | 2.02% | 2021-03-25 | 2026-06-16 |
| CVE-2021-20211 | A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash. | [email protected] | 7.5 | 2.15% | 2021-03-25 | 2026-06-16 |
| CVE-2021-20210 | A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash. | [email protected] | 7.5 | 2.35% | 2021-03-25 | 2026-06-16 |
| CVE-2020-35502 | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash. | [email protected] | 7.5 | 2.35% | 2021-03-25 | 2026-06-16 |
| CVE-2021-20276 | A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service. | [email protected] | 7.5 | 1.95% | 2021-03-09 | 2026-06-16 |
| CVE-2021-20275 | A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service. | [email protected] | 7.5 | 1.95% | 2021-03-09 | 2026-06-16 |
| CVE-2021-20274 | A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves. | [email protected] | 7.5 | 1.92% | 2021-03-09 | 2026-06-16 |
| CVE-2021-20273 | A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off. | [email protected] | 7.5 | 1.95% | 2021-03-09 | 2026-06-16 |
| CVE-2021-20272 | A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash. | [email protected] | 7.5 | 2.11% | 2021-03-09 | 2026-06-16 |
| CVE-2019-3699 | UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions. | [email protected] | 7.7 | 0.41% | 2020-01-24 | 2026-06-16 |