CVSS: 6.4EPSS: 0%CPEs: 68EXPL: 0CVE-2006-3417
https://notcve.org/view.php?id=CVE-2006-3417
Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities. El Cliente Tor, anterior a 0.1.1.20, prefiere puntos de entrada basados en las banderas is_fast o is_stable, que permitiría a atacantes remotos ser preferidos sobre los nodos que están identificados como sistemas más confiables "entry guard" (is_guard) por las autoridades de directorio. • http://secunia.com/advisories/20514 http://security.gentoo.org/glsa/glsa-200606-04.xml http://tor.eff.org/cvs/tor/ChangeLog http://www.osvdb.org/25879 •
CVSS: 5.0EPSS: 0%CPEs: 68EXPL: 0CVE-2006-3413
https://notcve.org/view.php?id=CVE-2006-3413
The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the "logfile", which allows attackers to obtain potentially sensitive information. El archivo de configuración en Tor antes de la versión 0.1.1.20, cuando se ejecuta en Apple OS X, almacena todos los archivos de log a través del "logfile", lo que permite a atacantes remotos obtener información potencialmente sensible. • http://secunia.com/advisories/20514 http://security.gentoo.org/glsa/glsa-200606-04.xml http://tor.eff.org/cvs/tor/ChangeLog http://www.osvdb.org/25875 •
CVSS: 5.0EPSS: 0%CPEs: 68EXPL: 0CVE-2006-3414
https://notcve.org/view.php?id=CVE-2006-3414
Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution. Tor anterior a 0.1.1.20 soporta descriptores de servidor que contienen nombres de equipos en lugar de direcciones IP, lo que permite a los atacantes remotos, agrupar usuarios de forma arbitraria, facilitando la resolución de direcciones preferencial. • http://secunia.com/advisories/20514 http://security.gentoo.org/glsa/glsa-200606-04.xml http://tor.eff.org/cvs/tor/ChangeLog http://www.osvdb.org/25877 •
CVSS: 5.0EPSS: 1%CPEs: 57EXPL: 0CVE-2006-0414
https://notcve.org/view.php?id=CVE-2006-0414
Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server. Tor anterior a 0.1.1.10 permite a atacantes remotos identificar servicios ocultos mediante un servidor Tor malicioso que intenta un gran número de accesos al servicio oculto, lo que acaba causando que un circuito sea construido a través del servidor malicioso. • http://archives.seul.org/or/announce/Jan-2006/msg00001.html http://secunia.com/advisories/18576 http://secunia.com/advisories/20514 http://security.gentoo.org/glsa/glsa-200606-04.xml http://tor.eff.org/cvs/tor/ChangeLog http://www.osvdb.org/22689 http://www.securityfocus.com/bid/18323 http://www.securityfocus.com/bid/19795 https://exchange.xforce.ibmcloud.com/vulnerabilities/24285 •
CVSS: 5.0EPSS: 0%CPEs: 27EXPL: 0CVE-2005-2643
https://notcve.org/view.php?id=CVE-2005-2643
Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit. • http://archives.seul.org/or/announce/Aug-2005/msg00002.html http://marc.info/?l=bugtraq&m=112448002732443&w=2 http://secunia.com/advisories/16424 http://securitytracker.com/id?1014739 •