Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
torproject vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-0377
Tor 0.3.x prior to 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote malicious users to defeat intended anonymity properties by leveraging the existence of large families.
Torproject Tor 0.3.0.5
Torproject Tor 0.3.0.4
Torproject Tor 0.3.0.3
Torproject Tor 0.3.0.2
Torproject Tor 0.3.0.8
Torproject Tor 0.3.0.6
Torproject Tor 0.3.0.1
Torproject Tor 0.3.0.7
5
CVSSv2
CVE-2016-8860
Tor prior to 0.2.8.9 and 0.2.9.x prior to 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote malicious users to cause a ...
Torproject Tor 0.2.9.3
Torproject Tor 0.2.9.0
Torproject Tor
Torproject Tor 0.2.9.2
Torproject Tor 0.2.9.1
5
CVSSv2
CVE-2021-28089
Tor prior to 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
Torproject Tor 0.4.4.1
Torproject Tor 0.4.4.0
Torproject Tor
Torproject Tor 0.4.4.2
Torproject Tor 0.4.4.3
Fedoraproject Fedora 33
5
CVSSv2
CVE-2021-28090
Tor prior to 0.4.5.7 allows a remote malicious user to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
Torproject Tor 0.4.4.1
Torproject Tor 0.4.4.0
Torproject Tor
Torproject Tor 0.4.4.2
Torproject Tor 0.4.4.3
Fedoraproject Fedora 33
4.3
CVSSv2
CVE-2020-15572
Tor prior to 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
Torproject Tor
Torproject Tor 0.4.4.0
Torproject Tor 0.4.4.1
3.6
CVSSv2
CVE-2021-39246
Tor Browser up to and including 10.5.6 and 11.x up to and including 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them...
Torproject Tor Browser
Torproject Tor Browser 11.0
5
CVSSv2
CVE-2021-34548
An issue exists in Tor prior to 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.
Torproject Tor
5
CVSSv2
CVE-2021-34549
An issue exists in Tor prior to 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.
Torproject Tor
5
CVSSv2
CVE-2021-34550
An issue exists in Tor prior to 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor
Torproject Tor
5
CVSSv2
CVE-2021-38385
Tor prior to 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
Torproject Tor
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »