Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tor vulnerabilities and exploits
(subscribe to this query)
3.7
CVSSv3
CVE-2017-8822
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of ano...
Tor Project Tor
Debian Debian Linux 9.0
Debian Debian Linux 8.0
NA
CVE-2014-5751
The Tor Browser the Short Guide (aka com.wTorShortUserManual) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Tor Browser The Short Guide Project Tor Browser The Short Guide 0.1
7.5
CVSSv3
CVE-2022-33903
Tor 0.4.7.x prior to 0.4.7.8 allows a denial of service via the wedging of RTT estimation.
Torproject Tor
7.5
CVSSv3
CVE-2021-34548
An issue exists in Tor prior to 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.
Torproject Tor
7.5
CVSSv3
CVE-2021-34549
An issue exists in Tor prior to 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.
Torproject Tor
7.5
CVSSv3
CVE-2021-34550
An issue exists in Tor prior to 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor
Torproject Tor
7.5
CVSSv3
CVE-2021-38385
Tor prior to 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
Torproject Tor
7.5
CVSSv3
CVE-2015-2688
buf_pullup in Tor prior to 0.2.4.26 and 0.2.5.x prior to 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via crafted packets.
Torproject Tor
7.5
CVSSv3
CVE-2015-2689
Tor prior to 0.2.4.26 and 0.2.5.x prior to 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via crafted packets.
Torproject Tor
7.5
CVSSv3
CVE-2018-0491
A use-after-free issue exists in Tor 0.3.2.x prior to 0.3.2.10. It allows remote malicious users to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
Torproject Tor
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »