Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tor tor vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2015-2928
The Hidden Service (HS) server implementation in Tor prior to 0.2.4.27, 0.2.5.x prior to 0.2.5.12, and 0.2.6.x prior to 0.2.6.7 allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via unspecified vectors.
Torproject Tor
7.5
CVSSv3
CVE-2015-2929
The Hidden Service (HS) client implementation in Tor prior to 0.2.4.27, 0.2.5.x prior to 0.2.5.12, and 0.2.6.x prior to 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor.
Torproject Tor
7.5
CVSSv3
CVE-2019-8955
In Tor prior to 0.3.3.12, 0.3.4.x prior to 0.3.4.11, 0.3.5.x prior to 0.3.5.8, and 0.4.x prior to 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.
Torproject Tor
Torproject Tor 0.3.4.0
Torproject Tor 0.3.4.1
Torproject Tor 0.3.4.2
Torproject Tor 0.3.4.3
Torproject Tor 0.3.4.4
Torproject Tor 0.3.4.5
Torproject Tor 0.3.4.6
Torproject Tor 0.3.4.7
Torproject Tor 0.3.5.0
Torproject Tor 0.3.5.1
Torproject Tor 0.3.5.2
Torproject Tor 0.3.5.3
Torproject Tor 0.3.5.4
Torproject Tor 0.3.5.5
Torproject Tor 0.3.5.6
Torproject Tor 0.3.5.7
Torproject Tor 0.4.0.1
7.5
CVSSv3
CVE-2018-0491
A use-after-free issue exists in Tor 0.3.2.x prior to 0.3.2.10. It allows remote malicious users to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
Torproject Tor
1 EDB exploit
7.5
CVSSv3
CVE-2018-0490
An issue exists in Tor prior to 0.2.9.15, 0.3.1.x prior to 0.3.1.10, and 0.3.2.x prior to 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote malicious users to cause a denial of service (NULL pointer dereference and directory-authority crash)...
Torproject Tor 0.3.1.1
Torproject Tor 0.3.1.2
Torproject Tor 0.3.1.3
Torproject Tor 0.3.1.4
Torproject Tor 0.3.1.5
Torproject Tor 0.3.2.7
Torproject Tor 0.3.2.8
Torproject Tor 0.3.2.9
Torproject Tor 0.3.2.6
Torproject Tor 0.3.2.5
Torproject Tor 0.3.2.4
Torproject Tor 0.3.2.3
Torproject Tor 0.3.2.2
Torproject Tor 0.3.2.1
Torproject Tor
Torproject Tor 0.3.1.6
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2016-1254
Tor prior to 0.2.8.12 might allow remote malicious users to cause a denial of service (client crash) via a crafted hidden service descriptor.
Torproject Tor
Opensuse Project Leap 42.1
Debian Debian Linux 8.0
Fedoraproject Fedora 25
Fedoraproject Fedora 24
Debian Debian Linux 9.0
Opensuse Leap 42.2
Opensuse Opensuse 13.2
7.5
CVSSv3
CVE-2017-8819
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INT...
Tor Project Tor
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2017-8820
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities...
Tor Project Tor
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2017-8821
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a pa...
Tor Project Tor
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2017-11565
debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same fo...
Debian Tor 0.2.9.11-1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »