Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
torproject tor vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-16983
NoScript Classic prior to 5.1.8.7, as used in Tor Browser 7.x and other products, allows malicious users to bypass script blocking via the text/html;/json Content-Type value.
Noscript Noscript
Torproject Tor Browser
7.5
CVSSv3
CVE-2022-33903
Tor 0.4.7.x prior to 0.4.7.8 allows a denial of service via the wedging of RTT estimation.
Torproject Tor
7.5
CVSSv3
CVE-2021-38385
Tor prior to 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
Torproject Tor
7.5
CVSSv3
CVE-2021-34549
An issue exists in Tor prior to 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.
Torproject Tor
7.5
CVSSv3
CVE-2021-34550
An issue exists in Tor prior to 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor
Torproject Tor
7.5
CVSSv3
CVE-2021-34548
An issue exists in Tor prior to 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.
Torproject Tor
7.5
CVSSv3
CVE-2021-28089
Tor prior to 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
Torproject Tor 0.4.4.1
Torproject Tor 0.4.4.0
Torproject Tor
Torproject Tor 0.4.4.2
Torproject Tor 0.4.4.3
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2020-15572
Tor prior to 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
Torproject Tor
Torproject Tor 0.4.4.0
Torproject Tor 0.4.4.1
7.5
CVSSv3
CVE-2020-10592
Tor prior to 0.3.5.10, 0.4.x prior to 0.4.1.9, and 0.4.2.x prior to 0.4.2.7 allows remote malicious users to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.
Torproject Tor
Opensuse Backports Sle-15
Opensuse Leap 15.1
7.5
CVSSv3
CVE-2020-10593
Tor prior to 0.3.5.10, 0.4.x prior to 0.4.1.9, and 0.4.2.x prior to 0.4.2.7 allows remote malicious users to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the ...
Torproject Tor
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »