CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 2CVE-2021-39246
https://notcve.org/view.php?id=CVE-2021-39246
24 Sep 2021 — Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network). Tor Browser hasta la versión 10.5.6 y la versión 11.x hasta la 11.0a4 permite un ataque de correlación que puede comprometer la privacidad de las ... • https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-111.md • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13075
https://notcve.org/view.php?id=CVE-2019-13075
30 Jun 2019 — Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68. El navegador Tor hasta la versión 8.5.3, presenta una vulnerabilidad de exposición de información. Permite a los atacantes remotos detectar el idioma del navegador por medio de vectores ... • https://hackerone.com/reports/588239 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12383
https://notcve.org/view.php?id=CVE-2019-12383
28 May 2019 — Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting. Tor Browser anterior de la versión 8.0.1, presenta una vulnerabilidad de exposición de información. Permite a atacantes remotos detectar la interfaz de usuario (UI) local del navegador mediante la medición de el ancho de Buttom, incluso si el usuario tiene una configuración de "Don't send my lang... • http://www.securityfocus.com/bid/108484 • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-16983
https://notcve.org/view.php?id=CVE-2018-16983
13 Sep 2018 — NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value. NoScript Classic en versiones anteriores a la 5.1.8.7, tal y como se emplea en Tor Browser 7.x y otros productos, permite que los atacantes omitan el bloqueo de scripts mediante el valor de Content-Type text/html;/json. • https://noscript.net/getit#classic •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 4CVE-2017-16639 – Tor Browser SMB Deanonymization / Information Disclosure
https://notcve.org/view.php?id=CVE-2017-16639
13 Sep 2018 — Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability. Tor Browser en Windows en versiones anteriores a la 8.0 permite que atacantes remotos omitan la característica de anonimato planeada y descubrir una dirección IP de cliente. Esta vulnerabilidad es diferente de CVE-2017-16541. Se requiere interacción del usuario para explo... • https://packetstorm.news/files/id/149351 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •