CVSS: 5.9EPSS: 0%CPEs: 31EXPL: 0CVE-2017-0380 – Debian Security Advisory 3993-1
https://notcve.org/view.php?id=CVE-2017-0380
18 Sep 2017 — The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit. La función rend_service_intro_established en or/rendservice.... • http://www.debian.org/security/2017/dsa-3993 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-0375
https://notcve.org/view.php?id=CVE-2017-0375
09 Jun 2017 — The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. La función de servicio oculto en Tor antes de la versión 0.3.0.8 permite una denegación de servicio (fallo de aserción y salida de demonio) en la función relay_send_end_cell_from_edge_ a través de una llamada BEGIN con formato incorrecto. • http://www.securityfocus.com/bid/99017 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-0376 – Debian Security Advisory 3877-1
https://notcve.org/view.php?id=CVE-2017-0376
09 Jun 2017 — The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit. La función de servicio oculto en Tor antes de la versión 0.3.0.8 permite una denegación de servicio (fallo de aserción y salida de demonio) en la función connection_edge_process_relay_cell a través de una célula BEGIN_DIR en un circuito de rendezvous It has been discovered that Tor, a connection-based ... • http://www.debian.org/security/2017/dsa-3877 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2016-8860 – Gentoo Linux Security Advisory 201612-45
https://notcve.org/view.php?id=CVE-2016-8860
24 Dec 2016 — Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data. Tor en versiones anteriores a 0.2.8.9 y 0.2.9.x en versiones anteriores a 0.2.9.4-alpha tenía funciones internas autorizadas a esperar que buf_t data tení... • http://openwall.com/lists/oss-security/2016/10/19/11 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-2928 – Mandriva Linux Security Advisory 2015-205
https://notcve.org/view.php?id=CVE-2015-2928
06 Apr 2015 — The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. La implementación del servidor Hidden Service (HS) en Tor versiones anteriores a 0.2.4.27, versiones 0.2.5.x anteriores a 0.2.5.12 y versiones 0.2.6.x anteriores a 0.2.6.7, permite a atacantes remotos causar una denegación de servicio (falla de aserción y salida del demonio )... • http://openwall.com/lists/oss-security/2015/04/06/5 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-2929 – Mandriva Linux Security Advisory 2015-205
https://notcve.org/view.php?id=CVE-2015-2929
06 Apr 2015 — The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor. La implementación del cliente Hidden Service (HS) en Tor versiones anteriores a 0.2.4.27, versiones 0.2.5.x anteriores a 0.2.5.12 y versiones 0.2.6.x anteriores a 0.2.6.7, permite a los servidores remotos causar una denegación de servicio (falla de aserción y salida ... • http://openwall.com/lists/oss-security/2015/04/06/5 •
CVSS: 5.8EPSS: 0%CPEs: 124EXPL: 0CVE-2014-5117 – Debian Security Advisory 2993-1
https://notcve.org/view.php?id=CVE-2014-5117
30 Jul 2014 — Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names. Tor anterior a 0.2.4.23 y 0.2.5 anterior a 0.2.5.6-alpha mantiene un circuito después de que un cliente reciba una célula RELAY_EARLY entrante, lo que facilita a atacantes remotos... • http://secunia.com/advisories/60084 •
CVSS: 7.5EPSS: 0%CPEs: 97EXPL: 0CVE-2012-2249
https://notcve.org/view.php?id=CVE-2012-2249
03 Feb 2014 — Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol. Tor anterior a 0.2.3.23-rc permite a atacantes remotos causar una denegación de servicio (fallo de aserción y cierre de demonio) a través de un intento de renegociación que se produce después de la iniciación del procolo de enlace V3. • https://gitweb.torproject.org/tor.git?a=blob_plain%3Bhb=HEAD%3Bf=ChangeLog •
CVSS: 7.5EPSS: 0%CPEs: 98EXPL: 0CVE-2012-2250
https://notcve.org/view.php?id=CVE-2012-2250
03 Feb 2014 — Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly. Tor anterior a 0.2.3.24-rc permite a atacantes remotos causar una denegación de servicio (fallo de aserción y cierre de demonio) mediante la realización de la negociación del protocolo de enlace de forma incorrecta. • https://gitweb.torproject.org/tor.git?a=blob_plain%3Bhb=HEAD%3Bf=ChangeLog •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2013-7295 – Mandriva Linux Security Advisory 2014-123
https://notcve.org/view.php?id=CVE-2013-7295
17 Jan 2014 — Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors. Tor anteriores a 0.2.4.20, cuando OpenSSL 1.x es utilizado en conjunción con cierto ajuste de HardwareAccel en las plataformas Intel Sandy ... • http://lists.opensuse.org/opensuse-updates/2014-01/msg00095.html • CWE-310: Cryptographic Issues •