CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 0CVE-2010-0384
https://notcve.org/view.php?id=CVE-2010-0384
25 Jan 2010 — Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in opportunistic circumstances by reading log files. Tor v0.2.2.x anterior a v0.2.2.7-alpha, cuando está funcionando como espejo de directorio, no previene el acceso a la dirección IP cliente al detectar un comportamiento erróneo del cliente, lo que podría facil... • http://archives.seul.org/or/talk/Jan-2010/msg00162.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2009-2425
https://notcve.org/view.php?id=CVE-2009-2425
10 Jul 2009 — Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor. Tor anterior a v0.2.0.35 permite a atacantes remotos provocar una denegación de servicio (cuelgue de aplicación) a través de un descriptor de enrutador (router) malformado. • http://archives.seul.org/or/announce/Jun-2009/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 0%CPEs: 95EXPL: 0CVE-2009-2426
https://notcve.org/view.php?id=CVE-2009-2426
10 Jul 2009 — The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors. NOTE: some of these details are obtained from third party information. La función connection_edge_process_relay_cell_not_open en src/or/relay.c en Tor v0.2.x anterior a v0.2.0.35 y v0.1.x anterior a v0.1.2.8-beta permite ... • http://archives.seul.org/or/announce/Jun-2009/msg00000.html •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2009-0937
https://notcve.org/view.php?id=CVE-2009-0937
18 Mar 2009 — Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors. Vulnerabilidad no especificada en Tor anterior a v0.2.0.34 permite replicaciones de directorio que provocan una denegación de servicio a través de vectores desconocidos. • http://archives.seul.org/or/announce/Feb-2009/msg00000.html •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2009-0938
https://notcve.org/view.php?id=CVE-2009-0938
18 Mar 2009 — Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input." Vulnerabilidad no especificada en Tor anterior a v0.2.0.34 permite replicaciones de directorios que provocan una denegación de servicio (caída de nodo de salida) a través "entrada malformada". • http://archives.seul.org/or/announce/Feb-2009/msg00000.html •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2009-0936
https://notcve.org/view.php?id=CVE-2009-0936
18 Mar 2009 — Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes." Vulnerabilidad no especificada en Tor anterior a v0.2.0.34 permite a atacantes provocar una denegación de servicio (bucle infinito) a través de "votos corruptos". • http://archives.seul.org/or/announce/Feb-2009/msg00000.html •
CVSS: 10.0EPSS: 0%CPEs: 30EXPL: 0CVE-2009-0939
https://notcve.org/view.php?id=CVE-2009-0939
18 Mar 2009 — Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0. Tor anterior a v0.2.0.34 trata direcciones IPv4 incompletas como validas, lo que tiene un impacto desconocido y vectores de ataque relacionados con "Spec conformance," como se ha demostrado utilizando 192.168.0. • http://archives.seul.org/or/announce/Feb-2009/msg00000.html •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 1CVE-2009-0654
https://notcve.org/view.php?id=CVE-2009-0654
20 Feb 2009 — Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."... • http://blog.torproject.org/blog/one-cell-enough •
CVSS: 10.0EPSS: 1%CPEs: 160EXPL: 1CVE-2009-0414
https://notcve.org/view.php?id=CVE-2009-0414
03 Feb 2009 — Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption. Vulnerabilidad sin especificar en Tor anterior a v0.2.0.33 tiene un impacto y vectores de ataque desconocidos que lanzan una corrupción de montículo (heap). • http://archives.seul.org/or/announce/Jan-2009/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 100EXPL: 0CVE-2008-5398
https://notcve.org/view.php?id=CVE-2008-5398
09 Dec 2008 — Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream. Tor anterior a v0.2.0.32 no procesa adecuadamente la opción de configuración ClientDNSRejectInternalAddresses en situaciones donde una cuestión en la salida de transmisión de una política qu... • http://blog.torproject.org/blog/tor-0.2.0.32-released • CWE-264: Permissions, Privileges, and Access Controls •