CVSS: 9.1EPSS: 0%CPEs: 15EXPL: 0CVE-2007-4098
https://notcve.org/view.php?id=CVE-2007-4098
30 Jul 2007 — Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams. Tor anterior a 0.1.2.15 no distingue de forma adecuada "identificadores de tráfico de diversas salidas," lo cual podría permitir a atacantes remotos con control sobre los routers Tor inyectar celdas dentro de tráfico de su elección. • http://archives.seul.org/or/announce/Jul-2007/msg00000.html •
CVSS: 9.1EPSS: 0%CPEs: 24EXPL: 0CVE-2007-3165
https://notcve.org/view.php?id=CVE-2007-3165
11 Jun 2007 — Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers. Tor anterior a 0.1.2.14 puede construir circuitos en los cuales un protector de entrada está en la misma familia que el nodo de la salida, lo cual puede comprometer el anonimato de las fuentes y de los destinatarios del tráfico exponiendo tráfico a los observadores remotos ina... • http://archives.seul.org/or/announce/May-2007/msg00000.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1103
https://notcve.org/view.php?id=CVE-2007-1103
26 Feb 2007 — Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations. Tor no verifica el tiempo de funcionamiento y los anuncios de ancho de banda, lo cual permite a atacantes remotos que operan un nodo con bajos recursos afirmar que poseen recursos mayores, lo cual pone el nodo en uso para muc... • http://archives.seul.org/or/talk/Feb-2007/msg00197.html •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2006-6893
https://notcve.org/view.php?id=CVE-2006-6893
31 Dec 2006 — Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, a different vulnerability than CVE-2006-0414. NOTE: it could be argued that this is a laws-of-physics vulnerability that is a fundamental design limitation of certain hardware implementations, so perhaps this ... • http://events.ccc.de/congress/2006/Fahrplan/events/1513.en.html •
CVSS: 7.5EPSS: 1%CPEs: 40EXPL: 0CVE-2006-4508
https://notcve.org/view.php?id=CVE-2006-4508
31 Aug 2006 — Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and 0.1.1.x before 0.1.1.23, and (2) ScatterChat before 1.0.2, allows remote attackers operating a Tor entry node to route arbitrary Tor traffic through clients or cause a denial of service (flood) via unspecified vectors. Vulnerabilidad no especificada en (1) Tor 0.1.0.x anteriores a 0.1.0.18 y 0.1.1.x anteriores a 0.1.1.23, y (2) ScatterChat anterior a 1.0.2, permite a atacantes remotos operando un "nodo de entrada" en la red Tor encaminar tráfi... • http://archives.seul.org/or/announce/Aug-2006/msg00001.html •
CVSS: 9.8EPSS: 0%CPEs: 68EXPL: 0CVE-2006-3410
https://notcve.org/view.php?id=CVE-2006-3410
07 Jul 2006 — Tor before 0.1.1.20 creates "internal circuits" primarily consisting of nodes with "useful exit nodes," which allows remote attackers to conduct unspecified statistical attacks. Tor versiones anteriores a 0.1.1.20 crea "circuitos internos" principalmente consistentes en nodos con "nodos de salida útil", lo cual permite a atacantes remotos conducir ataques estadísticamente no especificados. • http://secunia.com/advisories/20277 •
CVSS: 7.5EPSS: 0%CPEs: 68EXPL: 0CVE-2006-3419
https://notcve.org/view.php?id=CVE-2006-3419
07 Jul 2006 — Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks. Tor versiones anteriores a la 0.1.1.20 utiliza bytes pseudo aleatorios OpenSSL (RAND_pseudo_bytes) en vez de RAND_bytes que son criptográficamente fuertes y genera el valor de entropía al arranque con fragmentos de 160 bits sin regener... • http://secunia.com/advisories/20514 •
CVSS: 7.5EPSS: 0%CPEs: 68EXPL: 0CVE-2006-3417
https://notcve.org/view.php?id=CVE-2006-3417
07 Jul 2006 — Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities. El Cliente Tor, anterior a 0.1.1.20, prefiere puntos de entrada basados en las banderas is_fast o is_stable, que permitiría a atacantes remotos ser preferidos sobre los nodos que están identificados como sistemas más confiables "entry guard" (is_guard) por las autor... • http://secunia.com/advisories/20514 •
CVSS: 7.5EPSS: 0%CPEs: 68EXPL: 0CVE-2006-3418
https://notcve.org/view.php?id=CVE-2006-3418
07 Jul 2006 — Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications. • http://secunia.com/advisories/20514 •
CVSS: 9.1EPSS: 0%CPEs: 68EXPL: 0CVE-2006-3407
https://notcve.org/view.php?id=CVE-2006-3407
07 Jul 2006 — Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters. Tor versiones anteriores a la 0.1.1.20 permite a atacantes remotos falsificar entradas de log o posiblemente ejecutar código por consola a través de cadenas de caracteres no imprimibles. • http://secunia.com/advisories/20277 •