
CVSS: 10.0 • EPSS: 15% • CPEs: 145 • EXPL: 0

Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.

http://archives.seul.org/or/announce/Dec-2010/msg00000.html
http://blog.torproject.org/blog/tor-02128-released-security-patches
http://blog.torproject.org/blog/tor-02220-alpha-out-security-patches
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052657.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052690.html
http://secunia.com/advisories/42536
http://secunia.com/advisories/42667
http://secunia.com/advisories/42783
http://secunia.com/advisories&

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.0 • EPSS: 0% • CPEs: 127 • EXPL: 0

Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations.

http://archives.seul.org/or/announce/Jan-2010/msg00000.html
http://archives.seul.org/or/talk/Jan-2010/msg00161.html
http://archives.seul.org/or/talk/Jan-2010/msg00162.html
http://archives.seul.org/or/talk/Jan-2010/msg00165.html
http://osvdb.org/61977
http://secunia.com/advisories/38198
http://www.securityfocus.com/bid/37901

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 2.1 • EPSS: 0% • CPEs: 12 • EXPL: 0

Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in opportunistic circumstances by reading log files.

http://archives.seul.org/or/talk/Jan-2010/msg00162.html

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 • EPSS: 0% • CPEs: 127 • EXPL: 0

Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query.

http://archives.seul.org/or/announce/Jan-2010/msg00000.html
http://archives.seul.org/or/talk/Jan-2010/msg00162.html
http://secunia.com/advisories/38198
http://www.osvdb.org/61865
http://www.securityfocus.com/bid/37901

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor