Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tor project tor vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2016-3180
Tor Browser Launcher (aka torbrowser-launcher) prior to 0.2.4, during the initial run, allows man-in-the-middle malicious users to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signatur...
Tor Browser Launcher Project Tor Browser Launcher 0.2.3
7.5
CVSSv3
CVE-2017-8819
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INT...
Tor Project Tor
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2017-8820
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities...
Tor Project Tor
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2017-8821
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a pa...
Tor Project Tor
Debian Debian Linux 8.0
Debian Debian Linux 9.0
3.7
CVSSv3
CVE-2017-8822
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of ano...
Tor Project Tor
Debian Debian Linux 8.0
Debian Debian Linux 9.0
8.1
CVSSv3
CVE-2017-8823
In Tor prior to 0.2.5.16, 0.2.6 up to and including 0.2.8 prior to 0.2.8.17, 0.2.9 prior to 0.2.9.14, 0.3.0 prior to 0.3.0.13, and 0.3.1 prior to 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certai...
Tor Project Tor
Debian Debian Linux 8.0
Debian Debian Linux 9.0
NA
CVE-2014-5751
The Tor Browser the Short Guide (aka com.wTorShortUserManual) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Tor Browser The Short Guide Project Tor Browser The Short Guide 0.1
7.5
CVSSv3
CVE-2016-1254
Tor prior to 0.2.8.12 might allow remote malicious users to cause a denial of service (client crash) via a crafted hidden service descriptor.
Torproject Tor
Opensuse Project Leap 42.1
Debian Debian Linux 8.0
Fedoraproject Fedora 25
Fedoraproject Fedora 24
Debian Debian Linux 9.0
Opensuse Leap 42.2
Opensuse Opensuse 13.2
7.5
CVSSv3
CVE-2023-45813
Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an malicious user to ...
Validators Project Validators 0.20.0
Torbot Project Torbot
Validators Project Validators 0.11.0
5.3
CVSSv3
CVE-2015-7665
Tails prior to 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command. NOTE: within wget itself, the automatic fallback i...
Tails Project Tails
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »