Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tor vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2017-8822
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of ano...
Tor Project Tor
Debian Debian Linux 9.0
Debian Debian Linux 8.0
481
VMScore
CVE-2014-5751
The Tor Browser the Short Guide (aka com.wTorShortUserManual) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Tor Browser The Short Guide Project Tor Browser The Short Guide 0.1
445
VMScore
CVE-2021-38385
Tor prior to 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
Torproject Tor
445
VMScore
CVE-2020-8516
The daemon in Tor up to and including 0.4.1.8 and 0.4.2.x up to and including 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote malicious users to discover circuit information. NOTE: The network team ...
Torproject Tor
445
VMScore
CVE-2015-2688
buf_pullup in Tor prior to 0.2.4.26 and 0.2.5.x prior to 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via crafted packets.
Torproject Tor
445
VMScore
CVE-2015-2689
Tor prior to 0.2.4.26 and 0.2.5.x prior to 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via crafted packets.
Torproject Tor
445
VMScore
CVE-2017-0375
The hidden-service feature in Tor prior to 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.
Torproject Tor
505
VMScore
CVE-2018-0491
A use-after-free issue exists in Tor 0.3.2.x prior to 0.3.2.10. It allows remote malicious users to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
Torproject Tor
1 EDB exploit
NA
CVE-2022-33903
Tor 0.4.7.x prior to 0.4.7.8 allows a denial of service via the wedging of RTT estimation.
Torproject Tor
445
VMScore
CVE-2015-2928
The Hidden Service (HS) server implementation in Tor prior to 0.2.4.27, 0.2.5.x prior to 0.2.5.12, and 0.2.6.x prior to 0.2.6.7 allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via unspecified vectors.
Torproject Tor
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »