Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
torproject vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-0377
Tor 0.3.x prior to 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote malicious users to defeat intended anonymity properties by leveraging the existence of large families.
Torproject Tor 0.3.0.5
Torproject Tor 0.3.0.4
Torproject Tor 0.3.0.3
Torproject Tor 0.3.0.2
Torproject Tor 0.3.0.8
Torproject Tor 0.3.0.6
Torproject Tor 0.3.0.1
Torproject Tor 0.3.0.7
5
CVSSv2
CVE-2016-8860
Tor prior to 0.2.8.9 and 0.2.9.x prior to 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote malicious users to cause a ...
Torproject Tor 0.2.9.3
Torproject Tor 0.2.9.0
Torproject Tor
Torproject Tor 0.2.9.2
Torproject Tor 0.2.9.1
5
CVSSv2
CVE-2021-28089
Tor prior to 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
Torproject Tor 0.4.4.1
Torproject Tor 0.4.4.0
Torproject Tor
Torproject Tor 0.4.4.2
Torproject Tor 0.4.4.3
Fedoraproject Fedora 33
5
CVSSv2
CVE-2021-28090
Tor prior to 0.4.5.7 allows a remote malicious user to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
Torproject Tor 0.4.4.1
Torproject Tor 0.4.4.0
Torproject Tor
Torproject Tor 0.4.4.2
Torproject Tor 0.4.4.3
Fedoraproject Fedora 33
4.3
CVSSv2
CVE-2020-15572
Tor prior to 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
Torproject Tor
Torproject Tor 0.4.4.0
Torproject Tor 0.4.4.1
3.6
CVSSv2
CVE-2021-39246
Tor Browser up to and including 10.5.6 and 11.x up to and including 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them...
Torproject Tor Browser
Torproject Tor Browser 11.0
5
CVSSv2
CVE-2017-0375
The hidden-service feature in Tor prior to 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.
Torproject Tor
5
CVSSv2
CVE-2018-0491
A use-after-free issue exists in Tor 0.3.2.x prior to 0.3.2.10. It allows remote malicious users to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
Torproject Tor
1 EDB exploit
5
CVSSv2
CVE-2021-38385
Tor prior to 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
Torproject Tor
5
CVSSv2
CVE-2021-34548
An issue exists in Tor prior to 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.
Torproject Tor
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »