Page 11 of 78 results (0.007 seconds)

CVSS: 6.8EPSS: 4%CPEs: 207EXPL: 0

Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en Tor anterior a v0.2.1.29 y v0.2.2.x anterior a v0.2.2.21-alpha permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores no especificados. • http://archives.seul.org/or/announce/Jan-2011/msg00000.html http://blog.torproject.org/blog/tor-02129-released-security-patches http://secunia.com/advisories/42905 http://secunia.com/advisories/42907 http://www.debian.org/security/2011/dsa-2148 http://www.securityfocus.com/bid/45832 http://www.securitytracker.com/id?1024980 http://www.vupen.com/english/advisories/2011/0131 http://www.vupen.com/english/advisories/2011/0132 https://exchange.xforce.ibmcloud.com/vulnerabilities/64748&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 15%CPEs: 145EXPL: 0

Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de Desbordamiento de búfer basado en montículo en Tor before v0.2.1.28 y v0.2.2.x anterior v0.2.2.20-alpha permite a atacantes remotos causar una denegación de servicio (caída de demonio) o probablemente ejecutar código arbitrario de su elección a través de vectores no especificados. • http://archives.seul.org/or/announce/Dec-2010/msg00000.html http://blog.torproject.org/blog/tor-02128-released-security-patches http://blog.torproject.org/blog/tor-02220-alpha-out-security-patches http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052657.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052690.html http://secunia.com/advisories/42536 http://secunia.com/advisories/42667 http://secunia.com/advisories/42783 http://secunia.com/advisories& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 127EXPL: 0

Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations. Tor anteriores a v0.2.1.22, y v0.2.2.x anteriores a v0.2.2.7-alpha, utiliza claves de identidad obsoleto para determinadas autoridades de directorio , lo que facilita ataques "man-in-the-middle" para comprometer el anonimato de las fuentes y de los destinos del tráfico. • http://archives.seul.org/or/announce/Jan-2010/msg00000.html http://archives.seul.org/or/talk/Jan-2010/msg00161.html http://archives.seul.org/or/talk/Jan-2010/msg00162.html http://archives.seul.org/or/talk/Jan-2010/msg00165.html http://osvdb.org/61977 http://secunia.com/advisories/38198 http://www.securityfocus.com/bid/37901 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 127EXPL: 0

Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query. Tor anterior a v0.2.1.22, y 0.2.2.x anteriores a v0.2.2.7-alpha, cuando funciona como autoridad de directorio puente, permite a atacantes remotos obtener información sensible acerca de las identidades y descriptores puente a través de una consulta al directorio dbg-stability.txt. • http://archives.seul.org/or/announce/Jan-2010/msg00000.html http://archives.seul.org/or/talk/Jan-2010/msg00162.html http://secunia.com/advisories/38198 http://www.osvdb.org/61865 http://www.securityfocus.com/bid/37901 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 30EXPL: 0

Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input." Vulnerabilidad no especificada en Tor anterior a v0.2.0.34 permite replicaciones de directorios que provocan una denegación de servicio (caída de nodo de salida) a través "entrada malformada". • http://archives.seul.org/or/announce/Feb-2009/msg00000.html http://secunia.com/advisories/33880 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/33713 https://exchange.xforce.ibmcloud.com/vulnerabilities/49323 •