Page 19 of 95 results (0.010 seconds)

CVSS: 6.4EPSS: 0%CPEs: 68EXPL: 0

Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors. Tor versiones anteriores a 0.1.1.20 utiliza una lógica inapropiada para validar el destino "OR", lo cual permite a atacantes remotos llevar a cabo un ataque man-in-the-middle (MITM) a través de vectores no especificados. • http://secunia.com/advisories/20514 http://security.gentoo.org/glsa/glsa-200606-04.xml http://tor.eff.org/cvs/tor/ChangeLog http://www.osvdb.org/25878 •

CVSS: 5.0EPSS: 0%CPEs: 68EXPL: 0

Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications. • http://secunia.com/advisories/20514 http://security.gentoo.org/glsa/glsa-200606-04.xml http://tor.eff.org/cvs/tor/ChangeLog http://www.osvdb.org/25881 •

CVSS: 5.0EPSS: 1%CPEs: 57EXPL: 0

Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server. Tor anterior a 0.1.1.10 permite a atacantes remotos identificar servicios ocultos mediante un servidor Tor malicioso que intenta un gran número de accesos al servicio oculto, lo que acaba causando que un circuito sea construido a través del servidor malicioso. • http://archives.seul.org/or/announce/Jan-2006/msg00001.html http://secunia.com/advisories/18576 http://secunia.com/advisories/20514 http://security.gentoo.org/glsa/glsa-200606-04.xml http://tor.eff.org/cvs/tor/ChangeLog http://www.osvdb.org/22689 http://www.securityfocus.com/bid/18323 http://www.securityfocus.com/bid/19795 https://exchange.xforce.ibmcloud.com/vulnerabilities/24285 •

CVSS: 5.0EPSS: 0%CPEs: 27EXPL: 0

Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit. • http://archives.seul.org/or/announce/Aug-2005/msg00002.html http://marc.info/?l=bugtraq&m=112448002732443&w=2 http://secunia.com/advisories/16424 http://securitytracker.com/id?1014739 •

CVSS: 5.0EPSS: 3%CPEs: 10EXPL: 0

Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers to read arbitrary memory and possibly key information from the exit server's process space. • http://archives.seul.org/or/announce/Jun-2005/msg00001.html http://bugs.gentoo.org/show_bug.cgi?id=96320 http://secunia.com/advisories/15764 http://www.gentoo.org/security/en/glsa/glsa-200506-18.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/21093 •