CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2689
https://notcve.org/view.php?id=CVE-2015-2689
24 Jan 2020 — Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. Tor versiones anteriores a 0.2.4.26 y versiones 0.2.5.x anteriores a 0.2.5.11, no maneja apropiadamente los estados de resolución de conexión pendiente durante los períodos de alta carga DNS, lo que permite a atacantes remotos causar una denegación de serv... • https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 19EXPL: 0CVE-2019-8955
https://notcve.org/view.php?id=CVE-2019-8955
21 Feb 2019 — In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler. En Tor, en versiones anteriores a la 0.3.3.12, en las 0.3.4.x anteriores a la 0.3.4.11, en las 0.3.5.x anteriores a la 0.3.5.8 y en las 0.4.x anteriores a la 0.4.0.2-alpha, puede ocurrir una denegación de servicio (DoS) remota contra los clientes Tor, además de reproducciones mediante el ag... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00013.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 0CVE-2018-0490 – Debian Security Advisory 4183-1
https://notcve.org/view.php?id=CVE-2018-0490
05 Mar 2018 — An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting. Se ha descubierto un problema en Tor en versiones anteriores a la 0.2.9.15, versiones 0.3.1.x anteriores a la 0.3.1.10 y versiones 0.3.2.x anteriores a la 0.3.2.10. ... • https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 3%CPEs: 8EXPL: 0CVE-2016-1254
https://notcve.org/view.php?id=CVE-2016-1254
05 Dec 2017 — Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. Tor, en versiones anteriores a la 0.2.8.12 podría permitir que los atacantes remotos provoquen una denegación de servicio (cierre inesperado del cliente) mediante un descriptor de servicio oculto manipulado. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00154.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-8819
https://notcve.org/view.php?id=CVE-2017-8819
03 Dec 2017 — In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue. En Tor, en versiones anteriores a la 0.2.5.16; de la versión 0.2.6 hasta la 0.2.8 anterior a la 0.2.8.17; versiones 0.2.9 anteriores a la 0.2.9.14; versiones 0.3.0 anteriores a la 0.3.0.13 y versiones 0.3.1 anteriores... • https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-8820
https://notcve.org/view.php?id=CVE-2017-8820
03 Dec 2017 — In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010. En Tor, en versiones anteriores a la 0.2.5.16; de la versión 0.2.6 hasta la 0.2.8 anterior a la 0.2.8.17, versiones 0.2.9 anteriores a la 0.2.9.14; versiones 0.3.0 anteriores a la 0.3.0.13 y versiones 0.3.... • https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2017-8821
https://notcve.org/view.php?id=CVE-2017-8821
03 Dec 2017 — In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011. En Tor, en versiones anteriores a la 0.2.5.16; de la versión 0.2.6 hasta la 0.2.8 anterior a la 0.2.8.17; versiones 0.2.9 anteriores a la 0.2.9... • https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-8822
https://notcve.org/view.php?id=CVE-2017-8822
03 Dec 2017 — In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012. En Tor, en versiones anteriores a la 0.2.5.16; de la versión 0.2.6 hasta la 0.2.8 anterior a la 0.2.8.17; versiones 0.2.9 anteriores a la 0.2.9.14; versiones 0.3.0 anteriores a la 0.3.0.13 y versiones 0.3.1 anteriores a la 0.3... • https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 • CWE-417: Communication Channel Errors •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2017-8823
https://notcve.org/view.php?id=CVE-2017-8823
03 Dec 2017 — In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013. En Tor, en versiones anteriores a la 0.2.5.16; de la versión 0.2.6 hasta la 0.2.8 anterior a la 0.2.8.17: versiones 0.2.9 anteriores a la 0.2.9.14; versiones 0.3.0 anteriores a la 0.3.0.13 y versiones 0.3.1 anteriores a... • https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 2%CPEs: 18EXPL: 3CVE-2017-16541 – Mozilla: Proxy bypass using automount and autofs
https://notcve.org/view.php?id=CVE-2017-16541
04 Nov 2017 — Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. El navegador Tor en versiones anteriores a la 7.0.9 en macOS y Linux permite que atacantes remotos sin omitan las características de anonimato previstas y descubran una dirección IP de cliente mediante vectores que impliquen un sitio web mani... • https://packetstorm.news/files/id/149298 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •