Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tor vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2020-8516
The daemon in Tor up to and including 0.4.1.8 and 0.4.2.x up to and including 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote malicious users to discover circuit information. NOTE: The network team ...
Torproject Tor
NA
CVE-2022-33903
Tor 0.4.7.x prior to 0.4.7.8 allows a denial of service via the wedging of RTT estimation.
Torproject Tor
445
VMScore
CVE-2021-38385
Tor prior to 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
Torproject Tor
445
VMScore
CVE-2017-0375
The hidden-service feature in Tor prior to 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.
Torproject Tor
383
VMScore
CVE-2019-12383
Tor Browser prior to 8.0.1 has an information exposure vulnerability. It allows remote malicious users to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.
Torproject Tor Browser
445
VMScore
CVE-2019-13075
Tor Browser up to and including 8.5.3 has an information exposure vulnerability. It allows remote malicious users to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for ...
Torproject Tor Browser
187
VMScore
CVE-2021-46702
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local malicious users to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing ...
Torproject Tor 9.0.7
1 Github repository
445
VMScore
CVE-2017-11565
debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same fo...
Debian Tor 0.2.9.11-1
668
VMScore
CVE-2018-16983
NoScript Classic prior to 5.1.8.7, as used in Tor Browser 7.x and other products, allows malicious users to bypass script blocking via the text/html;/json Content-Type value.
Noscript Noscript
Torproject Tor Browser
481
VMScore
CVE-2014-5572
The Jazzpodium De Tor (aka com.appmakr.app273713) application 206160 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Jazzpodiumdetor Jazzpodium De Tor 206160
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »