CVSS: 7.4EPSS: 0%CPEs: 68EXPL: 0CVE-2006-3415
https://notcve.org/view.php?id=CVE-2006-3415
07 Jul 2006 — Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors. Tor versiones anteriores a 0.1.1.20 utiliza una lógica inapropiada para validar el destino "OR", lo cual permite a atacantes remotos llevar a cabo un ataque man-in-the-middle (MITM) a través de vectores no especificados. • http://secunia.com/advisories/20514 •
CVSS: 7.5EPSS: 0%CPEs: 68EXPL: 0CVE-2006-3419
https://notcve.org/view.php?id=CVE-2006-3419
07 Jul 2006 — Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks. Tor versiones anteriores a la 0.1.1.20 utiliza bytes pseudo aleatorios OpenSSL (RAND_pseudo_bytes) en vez de RAND_bytes que son criptográficamente fuertes y genera el valor de entropía al arranque con fragmentos de 160 bits sin regener... • http://secunia.com/advisories/20514 •
CVSS: 5.0EPSS: 0%CPEs: 57EXPL: 0CVE-2006-0414
https://notcve.org/view.php?id=CVE-2006-0414
25 Jan 2006 — Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server. Tor anterior a 0.1.1.10 permite a atacantes remotos identificar servicios ocultos mediante un servidor Tor malicioso que intenta un gran número de accesos al servicio oculto, lo que acaba causando que un circuito sea construido a través del servidor malicioso. • http://archives.seul.org/or/announce/Jan-2006/msg00001.html •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2005-2643
https://notcve.org/view.php?id=CVE-2005-2643
21 Aug 2005 — Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit. • http://archives.seul.org/or/announce/Aug-2005/msg00002.html •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2005-2050
https://notcve.org/view.php?id=CVE-2005-2050
26 Jun 2005 — Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers to read arbitrary memory and possibly key information from the exit server's process space. • http://archives.seul.org/or/announce/Jun-2005/msg00001.html •