Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tor vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2007-1103
Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and de...
Tor Tor
383
VMScore
CVE-2020-15572
Tor prior to 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
Torproject Tor
Torproject Tor 0.4.4.0
Torproject Tor 0.4.4.1
445
VMScore
CVE-2006-6893
Tor allows remote malicious users to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence...
Tor Tor 0.1.1.26
445
VMScore
CVE-2009-2425
Tor prior to 0.2.0.35 allows remote malicious users to cause a denial of service (application crash) via a malformed router descriptor.
Tor Tor 0.2.0.35
NA
CVE-2023-41442
An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 up to and including 3.1 allows a remote malicious user to execute arbitrary code via a crafted request to the MQTT component.
Kloudq Tor Loco Min
Kloudq Tor Equip Gateway 1.0
Kloudq Tor Shield 1.0
Kloudq Tor Lenz 0.0.1
605
VMScore
CVE-2016-3180
Tor Browser Launcher (aka torbrowser-launcher) prior to 0.2.4, during the initial run, allows man-in-the-middle malicious users to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signatur...
Tor Browser Launcher Project Tor Browser Launcher 0.2.3
445
VMScore
CVE-2017-8819
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INT...
Tor Project Tor
Debian Debian Linux 8.0
Debian Debian Linux 9.0
445
VMScore
CVE-2017-8821
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a pa...
Tor Project Tor
Debian Debian Linux 8.0
Debian Debian Linux 9.0
383
VMScore
CVE-2017-8822
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of ano...
Tor Project Tor
Debian Debian Linux 9.0
Debian Debian Linux 8.0
605
VMScore
CVE-2017-8823
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certai...
Tor Project Tor
Debian Debian Linux 8.0
Debian Debian Linux 9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »