Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
torproject tor vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-28089
Tor prior to 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
Torproject Tor 0.4.4.1
Torproject Tor 0.4.4.0
Torproject Tor
Torproject Tor 0.4.4.2
Torproject Tor 0.4.4.3
Fedoraproject Fedora 33
445
VMScore
CVE-2020-10593
Tor prior to 0.3.5.10, 0.4.x prior to 0.4.1.9, and 0.4.2.x prior to 0.4.2.7 allows remote malicious users to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the ...
Torproject Tor
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
445
VMScore
CVE-2020-8516
The daemon in Tor up to and including 0.4.1.8 and 0.4.2.x up to and including 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote malicious users to discover circuit information. NOTE: The network team ...
Torproject Tor
445
VMScore
CVE-2015-2928
The Hidden Service (HS) server implementation in Tor prior to 0.2.4.27, 0.2.5.x prior to 0.2.5.12, and 0.2.6.x prior to 0.2.6.7 allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via unspecified vectors.
Torproject Tor
445
VMScore
CVE-2015-2688
buf_pullup in Tor prior to 0.2.4.26 and 0.2.5.x prior to 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via crafted packets.
Torproject Tor
445
VMScore
CVE-2015-2689
Tor prior to 0.2.4.26 and 0.2.5.x prior to 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via crafted packets.
Torproject Tor
445
VMScore
CVE-2015-2929
The Hidden Service (HS) client implementation in Tor prior to 0.2.4.27, 0.2.5.x prior to 0.2.5.12, and 0.2.6.x prior to 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor.
Torproject Tor
445
VMScore
CVE-2019-13075
Tor Browser up to and including 8.5.3 has an information exposure vulnerability. It allows remote malicious users to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for ...
Torproject Tor Browser
445
VMScore
CVE-2019-8955
In Tor prior to 0.3.3.12, 0.3.4.x prior to 0.3.4.11, 0.3.5.x prior to 0.3.5.8, and 0.4.x prior to 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.
Torproject Tor 0.3.4.5
Torproject Tor 0.3.4.6
Torproject Tor 0.3.5.4
Torproject Tor 0.3.5.5
Torproject Tor 0.3.4.1
Torproject Tor 0.3.4.2
Torproject Tor 0.3.5.0
Torproject Tor 0.3.5.1
Torproject Tor
Torproject Tor 0.3.4.0
Torproject Tor 0.3.4.7
Torproject Tor 0.3.5.6
Torproject Tor 0.3.5.7
Torproject Tor 0.4.0.1
Torproject Tor 0.3.4.3
Torproject Tor 0.3.4.4
Torproject Tor 0.3.5.2
Torproject Tor 0.3.5.3
445
VMScore
CVE-2018-0490
An issue exists in Tor prior to 0.2.9.15, 0.3.1.x prior to 0.3.1.10, and 0.3.2.x prior to 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote malicious users to cause a denial of service (NULL pointer dereference and directory-authority crash)...
Torproject Tor 0.3.1.4
Torproject Tor 0.3.1.3
Torproject Tor 0.3.1.2
Torproject Tor 0.3.1.1
Torproject Tor 0.3.2.6
Torproject Tor 0.3.2.5
Torproject Tor 0.3.2.4
Torproject Tor 0.3.2.3
Torproject Tor 0.3.2.8
Torproject Tor 0.3.2.1
Torproject Tor 0.3.1.6
Torproject Tor 0.3.1.5
Torproject Tor 0.3.2.7
Torproject Tor 0.3.2.9
Torproject Tor 0.3.2.2
Torproject Tor
Debian Debian Linux 9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »