Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Torproject Subscribe
Total 40 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-2688 1 Torproject 1 Tor 2020-01-31 5.0 MEDIUM 7.5 HIGH
buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.
CVE-2018-16983 2 Noscript, Torproject 2 Noscript, Tor Browser 2019-10-02 7.5 HIGH 9.8 CRITICAL
NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value.
CVE-2017-0375 1 Torproject 1 Tor 2019-10-02 5.0 MEDIUM 7.5 HIGH
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.
CVE-2017-0376 2 Debian, Torproject 2 Debian Linux, Tor 2019-10-02 5.0 MEDIUM 7.5 HIGH
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.
CVE-2019-13075 1 Torproject 1 Tor Browser 2019-07-08 5.0 MEDIUM 5.3 MEDIUM
Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68.
CVE-2018-0490 2 Debian, Torproject 2 Debian Linux, Tor 2019-04-30 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting.
CVE-2018-0491 1 Torproject 1 Tor 2019-03-26 5.0 MEDIUM 7.5 HIGH
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
CVE-2017-16639 2 Microsoft, Torproject 2 Windows, Tor Browser 2018-11-26 4.3 MEDIUM 4.3 MEDIUM
Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability.
CVE-2016-1254 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Leap and 3 more 2018-10-30 5.0 MEDIUM 7.5 HIGH
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
CVE-2016-9079 5 Debian, Microsoft, Mozilla and 2 more 12 Debian Linux, Windows, Firefox and 9 more 2018-08-09 5.0 MEDIUM 7.5 HIGH
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
CVE-2017-0380 1 Torproject 1 Tor 2017-11-05 4.3 MEDIUM 5.9 MEDIUM
The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.
CVE-2012-5573 1 Torproject 1 Tor 2017-08-28 5.0 MEDIUM N/A
The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control restrictions via a RELAY_COMMAND_SENDME command.
CVE-2017-0377 1 Torproject 1 Tor 2017-07-14 5.0 MEDIUM 7.5 HIGH
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.
CVE-2016-8860 1 Torproject 1 Tor 2017-06-30 5.0 MEDIUM 7.5 HIGH
Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.
CVE-2014-5117 1 Torproject 1 Tor 2017-01-06 5.8 MEDIUM N/A
Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.
CVE-2012-2250 1 Torproject 1 Tor 2014-02-21 5.0 MEDIUM N/A
Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly.
CVE-2012-2249 1 Torproject 1 Tor 2014-02-21 5.0 MEDIUM N/A
Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol.
CVE-2013-7295 1 Torproject 1 Tor 2014-02-11 4.0 MEDIUM N/A
Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.
CVE-2012-4922 1 Torproject 1 Tor 2013-08-21 5.0 MEDIUM N/A
The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419.
CVE-2012-4419 1 Torproject 1 Tor 2013-08-21 5.0 MEDIUM N/A
The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison.