Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
torproject tor vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-12383
Tor Browser prior to 8.0.1 has an information exposure vulnerability. It allows remote malicious users to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.
Torproject Tor Browser
4.3
CVSSv2
CVE-2017-16639
Tor Browser on Windows prior to 8.0 allows remote malicious users to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability.
Torproject Tor Browser
4.3
CVSSv2
CVE-2017-16541
Tor Browser prior to 7.0.9 on macOS and Linux allows remote malicious users to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
Torproject Tor
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Eus 7.5
Redhat Enterprise Linux Eus 7.6
Redhat Enterprise Linux Eus 7.7
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Tus 7.7
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Workstation 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 Github repository
4.3
CVSSv2
CVE-2017-0380
The rend_service_intro_established function in or/rendservice.c in Tor prior to 0.2.8.15, 0.2.9.x prior to 0.2.9.12, 0.3.0.x prior to 0.3.0.11, 0.3.1.x prior to 0.3.1.7, and 0.3.2.x prior to 0.3.2.1-alpha, when SafeLogging is disabled, allows malicious users to obtain sensitive i...
Torproject Tor 0.3.1.2
Torproject Tor 0.3.1.3
Torproject Tor 0.3.0.5
Torproject Tor 0.3.0.4
Torproject Tor 0.2.9.0
Torproject Tor 0.2.9.1
Torproject Tor 0.2.9.9
Torproject Tor 0.2.9.10
Torproject Tor 0.3.1.4
Torproject Tor 0.3.1.5
Torproject Tor 0.3.0.6
Torproject Tor 0.3.0.7
Torproject Tor 0.2.9.2
Torproject Tor 0.2.9.3
Torproject Tor 0.2.9.11
Torproject Tor
Torproject Tor 0.3.2
Torproject Tor 0.3.1.1
Torproject Tor 0.3.0.2
Torproject Tor 0.3.0.1
Torproject Tor 0.3.0.10
Torproject Tor 0.2.9.6
4
CVSSv2
CVE-2013-7295
Tor prior to 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easi...
Torproject Tor
Torproject Tor 0.2.4.18
Torproject Tor 0.2.4.10
Torproject Tor 0.2.4.9
Torproject Tor 0.2.4.2
Torproject Tor 0.2.4.1
Torproject Tor 0.2.4.17
Torproject Tor 0.2.4.16
Torproject Tor 0.2.4.15
Torproject Tor 0.2.4.8
Torproject Tor 0.2.4.7
Torproject Tor 0.2.4.14
Torproject Tor 0.2.4.13
Torproject Tor 0.2.4.6
Torproject Tor 0.2.4.5
Torproject Tor 0.2.4.12
Torproject Tor 0.2.4.11
Torproject Tor 0.2.4.4
Torproject Tor 0.2.4.3
3.6
CVSSv2
CVE-2021-39246
Tor Browser up to and including 10.5.6 and 11.x up to and including 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them...
Torproject Tor Browser
Torproject Tor Browser 11.0
2.1
CVSSv2
CVE-2021-46702
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local malicious users to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing ...
Torproject Tor 9.0.7
1 Github repository
NA
CVE-2023-23589
The SafeSocks option in Tor prior to 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
Torproject Tor
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
NA
CVE-2022-33903
Tor 0.4.7.x prior to 0.4.7.8 allows a denial of service via the wedging of RTT estimation.
Torproject Tor
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4