CVSS: 6.8EPSS: 4%CPEs: 207EXPL: 0CVE-2011-0427
https://notcve.org/view.php?id=CVE-2011-0427
Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en Tor anterior a v0.2.1.29 y v0.2.2.x anterior a v0.2.2.21-alpha permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores no especificados. • http://archives.seul.org/or/announce/Jan-2011/msg00000.html http://blog.torproject.org/blog/tor-02129-released-security-patches http://secunia.com/advisories/42905 http://secunia.com/advisories/42907 http://www.debian.org/security/2011/dsa-2148 http://www.securityfocus.com/bid/45832 http://www.securitytracker.com/id?1024980 http://www.vupen.com/english/advisories/2011/0131 http://www.vupen.com/english/advisories/2011/0132 https://exchange.xforce.ibmcloud.com/vulnerabilities/64748&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 15%CPEs: 145EXPL: 0CVE-2010-1676
https://notcve.org/view.php?id=CVE-2010-1676
Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de Desbordamiento de búfer basado en montículo en Tor before v0.2.1.28 y v0.2.2.x anterior v0.2.2.20-alpha permite a atacantes remotos causar una denegación de servicio (caída de demonio) o probablemente ejecutar código arbitrario de su elección a través de vectores no especificados. • http://archives.seul.org/or/announce/Dec-2010/msg00000.html http://blog.torproject.org/blog/tor-02128-released-security-patches http://blog.torproject.org/blog/tor-02220-alpha-out-security-patches http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052657.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052690.html http://secunia.com/advisories/42536 http://secunia.com/advisories/42667 http://secunia.com/advisories/42783 http://secunia.com/advisories& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 127EXPL: 0CVE-2010-0383
https://notcve.org/view.php?id=CVE-2010-0383
Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations. Tor anteriores a v0.2.1.22, y v0.2.2.x anteriores a v0.2.2.7-alpha, utiliza claves de identidad obsoleto para determinadas autoridades de directorio , lo que facilita ataques "man-in-the-middle" para comprometer el anonimato de las fuentes y de los destinos del tráfico. • http://archives.seul.org/or/announce/Jan-2010/msg00000.html http://archives.seul.org/or/talk/Jan-2010/msg00161.html http://archives.seul.org/or/talk/Jan-2010/msg00162.html http://archives.seul.org/or/talk/Jan-2010/msg00165.html http://osvdb.org/61977 http://secunia.com/advisories/38198 http://www.securityfocus.com/bid/37901 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 127EXPL: 0CVE-2010-0385
https://notcve.org/view.php?id=CVE-2010-0385
Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query. Tor anterior a v0.2.1.22, y 0.2.2.x anteriores a v0.2.2.7-alpha, cuando funciona como autoridad de directorio puente, permite a atacantes remotos obtener información sensible acerca de las identidades y descriptores puente a través de una consulta al directorio dbg-stability.txt. • http://archives.seul.org/or/announce/Jan-2010/msg00000.html http://archives.seul.org/or/talk/Jan-2010/msg00162.html http://secunia.com/advisories/38198 http://www.osvdb.org/61865 http://www.securityfocus.com/bid/37901 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 95EXPL: 0CVE-2009-2426
https://notcve.org/view.php?id=CVE-2009-2426
The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors. NOTE: some of these details are obtained from third party information. La función connection_edge_process_relay_cell_not_open en src/or/relay.c en Tor v0.2.x anterior a v0.2.0.35 y v0.1.x anterior a v0.1.2.8-beta permite a los retransmisores (relays) de salida tener un impacto no especificado al provocar que los controladores acepten respuestas DNS que redirigen a direcciones IP internas a traves de vectores desconocidos. NOTA: algunos de estos detalles se obtienen a partir de información de terceros. • http://archives.seul.org/or/announce/Jun-2009/msg00000.html http://secunia.com/advisories/35546 http://www.osvdb.org/55341 http://www.securityfocus.com/bid/35505 http://www.vupen.com/english/advisories/2009/1716 https://exchange.xforce.ibmcloud.com/vulnerabilities/51377 •