CVSS: 9.8EPSS: 5%CPEs: 207EXPL: 0CVE-2011-0427 – Debian Security Advisory 2148-1
https://notcve.org/view.php?id=CVE-2011-0427
18 Jan 2011 — Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en Tor anterior a v0.2.1.29 y v0.2.2.x anterior a v0.2.2.21-alpha permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación) o posiblemente ejecutar código arbitrario... • http://archives.seul.org/or/announce/Jan-2011/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 12%CPEs: 145EXPL: 0CVE-2010-1676 – Gentoo Linux Security Advisory 201101-02
https://notcve.org/view.php?id=CVE-2010-1676
20 Dec 2010 — Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de Desbordamiento de búfer basado en montículo en Tor before v0.2.1.28 y v0.2.2.x anterior v0.2.2.20-alpha permite a atacantes remotos causar una denegación de servicio (caída de demonio) o probablemente ejecutar código arbitrario de su elección a través de vectores no especificados. ... • http://archives.seul.org/or/announce/Dec-2010/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 127EXPL: 0CVE-2010-0383
https://notcve.org/view.php?id=CVE-2010-0383
25 Jan 2010 — Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations. Tor anteriores a v0.2.1.22, y v0.2.2.x anteriores a v0.2.2.7-alpha, utiliza claves de identidad obsoleto para determinadas autoridades de directorio , lo que facilita ataques "man-in-the-middle" para comprometer el anonimato de las fuentes y de los destinos del tráfico. • http://archives.seul.org/or/announce/Jan-2010/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 127EXPL: 0CVE-2010-0385
https://notcve.org/view.php?id=CVE-2010-0385
25 Jan 2010 — Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query. Tor anterior a v0.2.1.22, y 0.2.2.x anteriores a v0.2.2.7-alpha, cuando funciona como autoridad de directorio puente, permite a atacantes remotos obtener información sensible acerca de las identidades y descriptores puente a través de una consulta al directorio d... • http://archives.seul.org/or/announce/Jan-2010/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.2EPSS: 0%CPEs: 95EXPL: 0CVE-2009-2426
https://notcve.org/view.php?id=CVE-2009-2426
10 Jul 2009 — The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors. NOTE: some of these details are obtained from third party information. La función connection_edge_process_relay_cell_not_open en src/or/relay.c en Tor v0.2.x anterior a v0.2.0.35 y v0.1.x anterior a v0.1.2.8-beta permite ... • http://archives.seul.org/or/announce/Jun-2009/msg00000.html •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2009-0936 – Gentoo Linux Security Advisory 200904-11
https://notcve.org/view.php?id=CVE-2009-0936
18 Mar 2009 — Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes." Vulnerabilidad no especificada en Tor anterior a v0.2.0.34 permite a atacantes provocar una denegación de servicio (bucle infinito) a través de "votos corruptos". Multiple vulnerabilities in Tor might allow for heap corruption, Denial of Service, escalation of privileges and information disclosure. Versions less than 0.2.0.34 are affected. • http://archives.seul.org/or/announce/Feb-2009/msg00000.html •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2009-0937 – Gentoo Linux Security Advisory 200904-11
https://notcve.org/view.php?id=CVE-2009-0937
18 Mar 2009 — Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors. Vulnerabilidad no especificada en Tor anterior a v0.2.0.34 permite replicaciones de directorio que provocan una denegación de servicio a través de vectores desconocidos. Multiple vulnerabilities in Tor might allow for heap corruption, Denial of Service, escalation of privileges and information disclosure. Versions less than 0.2.0.34 are affected. • http://archives.seul.org/or/announce/Feb-2009/msg00000.html •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2009-0938 – Gentoo Linux Security Advisory 200904-11
https://notcve.org/view.php?id=CVE-2009-0938
18 Mar 2009 — Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input." Vulnerabilidad no especificada en Tor anterior a v0.2.0.34 permite replicaciones de directorios que provocan una denegación de servicio (caída de nodo de salida) a través "entrada malformada". Multiple vulnerabilities in Tor might allow for heap corruption, Denial of Service, escalation of privileges and information disclosure. Versions less than 0.2.0.34 are affect... • http://archives.seul.org/or/announce/Feb-2009/msg00000.html •
CVSS: 10.0EPSS: 0%CPEs: 30EXPL: 0CVE-2009-0939 – Gentoo Linux Security Advisory 200904-11
https://notcve.org/view.php?id=CVE-2009-0939
18 Mar 2009 — Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0. Tor anterior a v0.2.0.34 trata direcciones IPv4 incompletas como validas, lo que tiene un impacto desconocido y vectores de ataque relacionados con "Spec conformance," como se ha demostrado utilizando 192.168.0. Multiple vulnerabilities in Tor might allow for heap corruption, Denial of Service, escalation of privileges and information disc... • http://archives.seul.org/or/announce/Feb-2009/msg00000.html •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 1CVE-2009-0654
https://notcve.org/view.php?id=CVE-2009-0654
20 Feb 2009 — Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."... • http://blog.torproject.org/blog/one-cell-enough •