Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
torproject vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-16639
Tor Browser on Windows prior to 8.0 allows remote malicious users to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability.
Torproject Tor Browser
5
CVSSv2
CVE-2018-0491
A use-after-free issue exists in Tor 0.3.2.x prior to 0.3.2.10. It allows remote malicious users to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
Torproject Tor
1 EDB exploit
5
CVSSv2
CVE-2017-0375
The hidden-service feature in Tor prior to 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.
Torproject Tor
NA
CVE-2022-33903
Tor 0.4.7.x prior to 0.4.7.8 allows a denial of service via the wedging of RTT estimation.
Torproject Tor
5
CVSSv2
CVE-2015-2689
Tor prior to 0.2.4.26 and 0.2.5.x prior to 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via crafted packets.
Torproject Tor
5
CVSSv2
CVE-2015-2928
The Hidden Service (HS) server implementation in Tor prior to 0.2.4.27, 0.2.5.x prior to 0.2.5.12, and 0.2.6.x prior to 0.2.6.7 allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via unspecified vectors.
Torproject Tor
5
CVSSv2
CVE-2015-2929
The Hidden Service (HS) client implementation in Tor prior to 0.2.4.27, 0.2.5.x prior to 0.2.5.12, and 0.2.6.x prior to 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor.
Torproject Tor
5
CVSSv2
CVE-2020-8516
The daemon in Tor up to and including 0.4.1.8 and 0.4.2.x up to and including 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote malicious users to discover circuit information. NOTE: The network team ...
Torproject Tor
5
CVSSv2
CVE-2015-2688
buf_pullup in Tor prior to 0.2.4.26 and 0.2.5.x prior to 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via crafted packets.
Torproject Tor
5
CVSSv2
CVE-2019-13075
Tor Browser up to and including 8.5.3 has an information exposure vulnerability. It allows remote malicious users to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for ...
Torproject Tor Browser
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »