CVSS: 7.8EPSS: 0%CPEs: 100EXPL: 0CVE-2008-5397
https://notcve.org/view.php?id=CVE-2008-5397
09 Dec 2008 — Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process. Tor anterior a v0.2.32 no procesa adecuadamente la configuración de las opciones de (1)usuario (User) y (2) Grupo (group), lo que permitiría a usuarios locales obtener privilegios aprovechando la pertenencia a grupos creados por defecto en los procesos de Tor. • http://blog.torproject.org/blog/tor-0.2.0.32-released • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 2CVE-2007-4174 – Tor 0.1.2.15 - ControlPort Missing Authentication Unauthorized Access
https://notcve.org/view.php?id=CVE-2007-4174
07 Aug 2007 — Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node. Tor versiones anteriores a 0.1.2.16, cuando ControlPort está habilitado, no restringe apropiadamente los comandos ... • https://www.exploit-db.com/exploits/30447 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2007-4099
https://notcve.org/view.php?id=CVE-2007-4099
30 Jul 2007 — Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive information and possibly leverage further attacks. Tor anterior a 0.1.2.15 podría seleccionar un nodo guardía más allá del nodo protector nunca-antes-conectar-a, el cual podría permitir a atacantes remotos con control sobre ciertos nodos guarda obtener información sensible y posiblemente llevar a cabo ataques adicional... • http://archives.seul.org/or/announce/Jul-2007/msg00000.html •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2007-4097
https://notcve.org/view.php?id=CVE-2007-4097
30 Jul 2007 — Tor before 0.1.2.15 sends "destroy cells" containing the reason for tearing down a circuit, which allows remote attackers to obtain sensitive information, contrary to specifications. Tor anterior a 0.1.2.15 envía "destruir celdas" conteniendo la razón para derribar un circuito, lo cual podría permite a un atacante remoto obtener información sensible, contraria a las especificaciones. • http://archives.seul.org/or/announce/Jul-2007/msg00000.html •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2007-4096
https://notcve.org/view.php?id=CVE-2007-4096
30 Jul 2007 — Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors. Desbordamiento de búfer en Tor anterior a 0.1.2.15, cuando está siendo utilizado son soporte BSD natd, permite a atacantes remotos provocar denegación de servicio a través de vectores no especificados. • http://archives.seul.org/or/announce/Jul-2007/msg00000.html •
CVSS: 9.1EPSS: 1%CPEs: 15EXPL: 0CVE-2007-4098
https://notcve.org/view.php?id=CVE-2007-4098
30 Jul 2007 — Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams. Tor anterior a 0.1.2.15 no distingue de forma adecuada "identificadores de tráfico de diversas salidas," lo cual podría permitir a atacantes remotos con control sobre los routers Tor inyectar celdas dentro de tráfico de su elección. • http://archives.seul.org/or/announce/Jul-2007/msg00000.html •
CVSS: 9.1EPSS: 0%CPEs: 24EXPL: 0CVE-2007-3165
https://notcve.org/view.php?id=CVE-2007-3165
11 Jun 2007 — Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers. Tor anterior a 0.1.2.14 puede construir circuitos en los cuales un protector de entrada está en la misma familia que el nodo de la salida, lo cual puede comprometer el anonimato de las fuentes y de los destinatarios del tráfico exponiendo tráfico a los observadores remotos ina... • http://archives.seul.org/or/announce/May-2007/msg00000.html •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-1103
https://notcve.org/view.php?id=CVE-2007-1103
26 Feb 2007 — Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations. Tor no verifica el tiempo de funcionamiento y los anuncios de ancho de banda, lo cual permite a atacantes remotos que operan un nodo con bajos recursos afirmar que poseen recursos mayores, lo cual pone el nodo en uso para muc... • http://archives.seul.org/or/talk/Feb-2007/msg00197.html •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2006-6893
https://notcve.org/view.php?id=CVE-2006-6893
31 Dec 2006 — Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, a different vulnerability than CVE-2006-0414. NOTE: it could be argued that this is a laws-of-physics vulnerability that is a fundamental design limitation of certain hardware implementations, so perhaps this ... • http://events.ccc.de/congress/2006/Fahrplan/events/1513.en.html •
CVSS: 7.5EPSS: 1%CPEs: 40EXPL: 0CVE-2006-4508
https://notcve.org/view.php?id=CVE-2006-4508
31 Aug 2006 — Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and 0.1.1.x before 0.1.1.23, and (2) ScatterChat before 1.0.2, allows remote attackers operating a Tor entry node to route arbitrary Tor traffic through clients or cause a denial of service (flood) via unspecified vectors. Vulnerabilidad no especificada en (1) Tor 0.1.0.x anteriores a 0.1.0.18 y 0.1.1.x anteriores a 0.1.1.23, y (2) ScatterChat anterior a 1.0.2, permite a atacantes remotos operando un "nodo de entrada" en la red Tor encaminar tráfi... • http://archives.seul.org/or/announce/Aug-2006/msg00001.html •