CVSS: 7.5EPSS: 1%CPEs: 68EXPL: 0CVE-2006-3408
https://notcve.org/view.php?id=CVE-2006-3408
07 Jul 2006 — Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial of service via unknown vectors. Vulnerabilidad sin especificar en el servidor de directorios (dirserver) en Tor antes de 0.1.1.20 permite a atacantes remotos provocar una denegación de servicio no especificada a través de vectores desconocidos. • http://secunia.com/advisories/20277 •
CVSS: 7.5EPSS: 0%CPEs: 68EXPL: 0CVE-2006-3418
https://notcve.org/view.php?id=CVE-2006-3418
07 Jul 2006 — Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications. • http://secunia.com/advisories/20514 •
CVSS: 7.5EPSS: 0%CPEs: 68EXPL: 0CVE-2006-3416
https://notcve.org/view.php?id=CVE-2006-3416
07 Jul 2006 — Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. NOTE: while this item is listed under the "Security fixes" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS. Therefore this issue should not be included in CVE ** CUESTIONADA ** Tor anterior a 0.1.1.20 cancela el circuito cuando recibe un comando de transmitir erróneo, lo que provoca que los circuitos de la red sean desconect... • http://secunia.com/advisories/20514 •
CVSS: 7.5EPSS: 0%CPEs: 68EXPL: 0CVE-2006-3419
https://notcve.org/view.php?id=CVE-2006-3419
07 Jul 2006 — Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks. Tor versiones anteriores a la 0.1.1.20 utiliza bytes pseudo aleatorios OpenSSL (RAND_pseudo_bytes) en vez de RAND_bytes que son criptográficamente fuertes y genera el valor de entropía al arranque con fragmentos de 160 bits sin regener... • http://secunia.com/advisories/20514 •
CVSS: 5.0EPSS: 1%CPEs: 57EXPL: 0CVE-2006-0414
https://notcve.org/view.php?id=CVE-2006-0414
25 Jan 2006 — Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server. Tor anterior a 0.1.1.10 permite a atacantes remotos identificar servicios ocultos mediante un servidor Tor malicioso que intenta un gran número de accesos al servicio oculto, lo que acaba causando que un circuito sea construido a través del servidor malicioso. • http://archives.seul.org/or/announce/Jan-2006/msg00001.html •