Page 8 of 66 results (0.007 seconds)

CVSS: 5.1EPSS: 0%CPEs: 33EXPL: 1

Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve." Tor v0.2.0.28, y posiblemente v0.2.0.34 y anteriores, permite a atacantes remotos, con el control de un enrutador de salida y otro de entrada, confirmar que un receptor y un remitente estan comunicandose a traves de los vectores (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, y despues observar los errores de reconocimiento de celula en el enrutador de salida. NOTA: El vendedor no esta de acuerda con la importancia de este hecho. • http://blog.torproject.org/blog/one-cell-enough http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Fu http://www.blackhat.com/presentations/bh-dc-09/Fu/BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf •

CVSS: 10.0EPSS: 1%CPEs: 160EXPL: 1

Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption. Vulnerabilidad sin especificar en Tor anterior a v0.2.0.33 tiene un impacto y vectores de ataque desconocidos que lanzan una corrupción de montículo (heap). • http://archives.seul.org/or/announce/Jan-2009/msg00000.html http://blog.torproject.org/blog/tor-0.2.0.33-stable-released http://secunia.com/advisories/33635 http://secunia.com/advisories/33677 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/33399 http://www.securitytracker.com/id?1021633 http://www.vupen.com/english/advisories/2009/0210 https://www.redhat.com/archives/fedora-package-announce/2009-Janu • CWE-399: Resource Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 100EXPL: 0

Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process. Tor anterior a v0.2.32 no procesa adecuadamente la configuración de las opciones de (1)usuario (User) y (2) Grupo (group), lo que permitiría a usuarios locales obtener privilegios aprovechando la pertenencia a grupos creados por defecto en los procesos de Tor. • http://blog.torproject.org/blog/tor-0.2.0.32-released http://secunia.com/advisories/33025 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/32648 http://www.vupen.com/english/advisories/2008/3366 https://exchange.xforce.ibmcloud.com/vulnerabilities/47101 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 0%CPEs: 100EXPL: 0

Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream. Tor anterior a v0.2.0.32 no procesa adecuadamente la opción de configuración ClientDNSRejectInternalAddresses en situaciones donde una cuestión en la salida de transmisión de una política que deniega el flujo, puede permitir a flujos de salida remotos tener un impacto desconocido mediante el mapeo de una dirección IP interna hacia el nombre de host destino de una flujo denegado. • http://blog.torproject.org/blog/tor-0.2.0.32-released http://secunia.com/advisories/33025 http://secunia.com/advisories/34583 http://security.gentoo.org/glsa/glsa-200904-11.xml http://www.securityfocus.com/bid/32648 http://www.vupen.com/english/advisories/2008/3366 https://exchange.xforce.ibmcloud.com/vulnerabilities/47102 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en (1) Tor World Tor Board 1.3 y versiones anteriores, (2) Topics BBS 1.11 y versiones anteriores, (3) Simple BBS 1.86 y versiones anteriores, y (4) Interactive BBS 1.57 y versiones anteriores permite a atacantes remotos inyectar web script o HTML a través de vectores no especificados, una cuestión diferente a CVE-2008-0917. • http://download.torworld.com/bug/20080905.html http://jvn.jp/en/jp/JVN18616622/index.html http://secunia.com/advisories/31835 http://www.securityfocus.com/bid/31105 https://exchange.xforce.ibmcloud.com/vulnerabilities/45043 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •