CVE-2006-3415
https://notcve.org/view.php?id=CVE-2006-3415
Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors. Tor versiones anteriores a 0.1.1.20 utiliza una lógica inapropiada para validar el destino "OR", lo cual permite a atacantes remotos llevar a cabo un ataque man-in-the-middle (MITM) a través de vectores no especificados. • http://secunia.com/advisories/20514 http://security.gentoo.org/glsa/glsa-200606-04.xml http://tor.eff.org/cvs/tor/ChangeLog http://www.osvdb.org/25878 •
CVE-2006-3418
https://notcve.org/view.php?id=CVE-2006-3418
Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications. • http://secunia.com/advisories/20514 http://security.gentoo.org/glsa/glsa-200606-04.xml http://tor.eff.org/cvs/tor/ChangeLog http://www.osvdb.org/25881 •
CVE-2006-0414
https://notcve.org/view.php?id=CVE-2006-0414
Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server. Tor anterior a 0.1.1.10 permite a atacantes remotos identificar servicios ocultos mediante un servidor Tor malicioso que intenta un gran número de accesos al servicio oculto, lo que acaba causando que un circuito sea construido a través del servidor malicioso. • http://archives.seul.org/or/announce/Jan-2006/msg00001.html http://secunia.com/advisories/18576 http://secunia.com/advisories/20514 http://security.gentoo.org/glsa/glsa-200606-04.xml http://tor.eff.org/cvs/tor/ChangeLog http://www.osvdb.org/22689 http://www.securityfocus.com/bid/18323 http://www.securityfocus.com/bid/19795 https://exchange.xforce.ibmcloud.com/vulnerabilities/24285 •
CVE-2005-2643
https://notcve.org/view.php?id=CVE-2005-2643
Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit. • http://archives.seul.org/or/announce/Aug-2005/msg00002.html http://marc.info/?l=bugtraq&m=112448002732443&w=2 http://secunia.com/advisories/16424 http://securitytracker.com/id?1014739 •
CVE-2005-2050
https://notcve.org/view.php?id=CVE-2005-2050
Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers to read arbitrary memory and possibly key information from the exit server's process space. • http://archives.seul.org/or/announce/Jun-2005/msg00001.html http://bugs.gentoo.org/show_bug.cgi?id=96320 http://secunia.com/advisories/15764 http://www.gentoo.org/security/en/glsa/glsa-200506-18.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/21093 •