CVSS: 5.0EPSS: 30%CPEs: 207EXPL: 0CVE-2011-0015
https://notcve.org/view.php?id=CVE-2011-0015
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor. Tor antes de v0.2.1.29 y v0.2.2.x antes de v0.2.2.21-alfa no comprueba correctamente el nivel de compresión de datos de zlib, lo que permite a atacantes remotos provocar una denegación de servicio a través de un factor de compresión de gran tamaño. • http://archives.seul.org/or/announce/Jan-2011/msg00000.html http://blog.torproject.org/blog/tor-02129-released-security-patches http://secunia.com/advisories/42905 http://secunia.com/advisories/42907 http://www.debian.org/security/2011/dsa-2148 http://www.openwall.com/lists/oss-security/2011/01/18/7 http://www.securityfocus.com/bid/45832 http://www.securitytracker.com/id?1024980 http://www.vupen.com/english/advisories/2011/0131 http://www.vupen.com/english/advisories/ • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 207EXPL: 0CVE-2011-0016
https://notcve.org/view.php?id=CVE-2011-0016
Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process. Tor en versiones anteriores a la 0.2.1.29 y 0.2.2.x anteriores a la 0.2.2.21-alpha no gestiona apropiadamente datos de clave en memoria, lo que puede permitir a usuarios locales obtener información confidencial a través de la lectura de memoria que ha sido utilizada previamente por un proceso diferente. • http://archives.seul.org/or/announce/Jan-2011/msg00000.html http://blog.torproject.org/blog/tor-02129-released-security-patches http://secunia.com/advisories/42905 http://secunia.com/advisories/42907 http://www.debian.org/security/2011/dsa-2148 http://www.openwall.com/lists/oss-security/2011/01/18/7 http://www.securityfocus.com/bid/45832 http://www.securitytracker.com/id?1024980 http://www.vupen.com/english/advisories/2011/0131 http://www.vupen.com/english/advisories/ • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 4%CPEs: 207EXPL: 0CVE-2011-0427
https://notcve.org/view.php?id=CVE-2011-0427
Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en Tor anterior a v0.2.1.29 y v0.2.2.x anterior a v0.2.2.21-alpha permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores no especificados. • http://archives.seul.org/or/announce/Jan-2011/msg00000.html http://blog.torproject.org/blog/tor-02129-released-security-patches http://secunia.com/advisories/42905 http://secunia.com/advisories/42907 http://www.debian.org/security/2011/dsa-2148 http://www.securityfocus.com/bid/45832 http://www.securitytracker.com/id?1024980 http://www.vupen.com/english/advisories/2011/0131 http://www.vupen.com/english/advisories/2011/0132 https://exchange.xforce.ibmcloud.com/vulnerabilities/64748&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 15%CPEs: 145EXPL: 0CVE-2010-1676
https://notcve.org/view.php?id=CVE-2010-1676
Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de Desbordamiento de búfer basado en montículo en Tor before v0.2.1.28 y v0.2.2.x anterior v0.2.2.20-alpha permite a atacantes remotos causar una denegación de servicio (caída de demonio) o probablemente ejecutar código arbitrario de su elección a través de vectores no especificados. • http://archives.seul.org/or/announce/Dec-2010/msg00000.html http://blog.torproject.org/blog/tor-02128-released-security-patches http://blog.torproject.org/blog/tor-02220-alpha-out-security-patches http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052657.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052690.html http://secunia.com/advisories/42536 http://secunia.com/advisories/42667 http://secunia.com/advisories/42783 http://secunia.com/advisories& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 127EXPL: 0CVE-2010-0383
https://notcve.org/view.php?id=CVE-2010-0383
Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations. Tor anteriores a v0.2.1.22, y v0.2.2.x anteriores a v0.2.2.7-alpha, utiliza claves de identidad obsoleto para determinadas autoridades de directorio , lo que facilita ataques "man-in-the-middle" para comprometer el anonimato de las fuentes y de los destinos del tráfico. • http://archives.seul.org/or/announce/Jan-2010/msg00000.html http://archives.seul.org/or/talk/Jan-2010/msg00161.html http://archives.seul.org/or/talk/Jan-2010/msg00162.html http://archives.seul.org/or/talk/Jan-2010/msg00165.html http://osvdb.org/61977 http://secunia.com/advisories/38198 http://www.securityfocus.com/bid/37901 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •