Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
torproject vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-0377
Tor 0.3.x prior to 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote malicious users to defeat intended anonymity properties by leveraging the existence of large families.
Torproject Tor 0.3.0.5
Torproject Tor 0.3.0.4
Torproject Tor 0.3.0.3
Torproject Tor 0.3.0.2
Torproject Tor 0.3.0.8
Torproject Tor 0.3.0.6
Torproject Tor 0.3.0.1
Torproject Tor 0.3.0.7
5
CVSSv2
CVE-2016-8860
Tor prior to 0.2.8.9 and 0.2.9.x prior to 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote malicious users to cause a ...
Torproject Tor 0.2.9.3
Torproject Tor 0.2.9.0
Torproject Tor
Torproject Tor 0.2.9.2
Torproject Tor 0.2.9.1
5
CVSSv2
CVE-2021-28089
Tor prior to 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
Torproject Tor 0.4.4.1
Torproject Tor 0.4.4.0
Torproject Tor
Torproject Tor 0.4.4.2
Torproject Tor 0.4.4.3
Fedoraproject Fedora 33
5
CVSSv2
CVE-2021-28090
Tor prior to 0.4.5.7 allows a remote malicious user to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
Torproject Tor 0.4.4.1
Torproject Tor 0.4.4.0
Torproject Tor
Torproject Tor 0.4.4.2
Torproject Tor 0.4.4.3
Fedoraproject Fedora 33
4.3
CVSSv2
CVE-2020-15572
Tor prior to 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
Torproject Tor
Torproject Tor 0.4.4.0
Torproject Tor 0.4.4.1
3.6
CVSSv2
CVE-2021-39246
Tor Browser up to and including 10.5.6 and 11.x up to and including 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them...
Torproject Tor Browser
Torproject Tor Browser 11.0
5
CVSSv2
CVE-2018-0491
A use-after-free issue exists in Tor 0.3.2.x prior to 0.3.2.10. It allows remote malicious users to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
Torproject Tor
1 EDB exploit
5
CVSSv2
CVE-2015-2688
buf_pullup in Tor prior to 0.2.4.26 and 0.2.5.x prior to 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via crafted packets.
Torproject Tor
5
CVSSv2
CVE-2015-2689
Tor prior to 0.2.4.26 and 0.2.5.x prior to 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via crafted packets.
Torproject Tor
NA
CVE-2022-33903
Tor 0.4.7.x prior to 0.4.7.8 allows a denial of service via the wedging of RTT estimation.
Torproject Tor
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »