CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2009-0936
https://notcve.org/view.php?id=CVE-2009-0936
18 Mar 2009 — Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes." Vulnerabilidad no especificada en Tor anterior a v0.2.0.34 permite a atacantes provocar una denegación de servicio (bucle infinito) a través de "votos corruptos". • http://archives.seul.org/or/announce/Feb-2009/msg00000.html •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2009-0937
https://notcve.org/view.php?id=CVE-2009-0937
18 Mar 2009 — Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors. Vulnerabilidad no especificada en Tor anterior a v0.2.0.34 permite replicaciones de directorio que provocan una denegación de servicio a través de vectores desconocidos. • http://archives.seul.org/or/announce/Feb-2009/msg00000.html •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2009-0938
https://notcve.org/view.php?id=CVE-2009-0938
18 Mar 2009 — Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input." Vulnerabilidad no especificada en Tor anterior a v0.2.0.34 permite replicaciones de directorios que provocan una denegación de servicio (caída de nodo de salida) a través "entrada malformada". • http://archives.seul.org/or/announce/Feb-2009/msg00000.html •
CVSS: 10.0EPSS: 0%CPEs: 30EXPL: 0CVE-2009-0939
https://notcve.org/view.php?id=CVE-2009-0939
18 Mar 2009 — Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0. Tor anterior a v0.2.0.34 trata direcciones IPv4 incompletas como validas, lo que tiene un impacto desconocido y vectores de ataque relacionados con "Spec conformance," como se ha demostrado utilizando 192.168.0. • http://archives.seul.org/or/announce/Feb-2009/msg00000.html •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 1CVE-2009-0654
https://notcve.org/view.php?id=CVE-2009-0654
20 Feb 2009 — Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."... • http://blog.torproject.org/blog/one-cell-enough •
CVSS: 10.0EPSS: 1%CPEs: 160EXPL: 1CVE-2009-0414
https://notcve.org/view.php?id=CVE-2009-0414
03 Feb 2009 — Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption. Vulnerabilidad sin especificar en Tor anterior a v0.2.0.33 tiene un impacto y vectores de ataque desconocidos que lanzan una corrupción de montículo (heap). • http://archives.seul.org/or/announce/Jan-2009/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 100EXPL: 0CVE-2008-5397
https://notcve.org/view.php?id=CVE-2008-5397
09 Dec 2008 — Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process. Tor anterior a v0.2.32 no procesa adecuadamente la configuración de las opciones de (1)usuario (User) y (2) Grupo (group), lo que permitiría a usuarios locales obtener privilegios aprovechando la pertenencia a grupos creados por defecto en los procesos de Tor. • http://blog.torproject.org/blog/tor-0.2.0.32-released • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 100EXPL: 0CVE-2008-5398
https://notcve.org/view.php?id=CVE-2008-5398
09 Dec 2008 — Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream. Tor anterior a v0.2.0.32 no procesa adecuadamente la opción de configuración ClientDNSRejectInternalAddresses en situaciones donde una cuestión en la salida de transmisión de una política qu... • http://blog.torproject.org/blog/tor-0.2.0.32-released • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 16%CPEs: 16EXPL: 2CVE-2007-4174 – Tor 0.1.2.15 - ControlPort Missing Authentication Unauthorized Access
https://notcve.org/view.php?id=CVE-2007-4174
07 Aug 2007 — Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node. Tor versiones anteriores a 0.1.2.16, cuando ControlPort está habilitado, no restringe apropiadamente los comandos ... • https://www.exploit-db.com/exploits/30447 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2007-4096
https://notcve.org/view.php?id=CVE-2007-4096
30 Jul 2007 — Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors. Desbordamiento de búfer en Tor anterior a 0.1.2.15, cuando está siendo utilizado son soporte BSD natd, permite a atacantes remotos provocar denegación de servicio a través de vectores no especificados. • http://archives.seul.org/or/announce/Jul-2007/msg00000.html •