Filtered by vendor Torproject
Subscribe
Total
40 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-2688 | 1 Torproject | 1 Tor | 2020-01-31 | 5.0 MEDIUM | 7.5 HIGH |
buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. | |||||
CVE-2018-16983 | 2 Noscript, Torproject | 2 Noscript, Tor Browser | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value. | |||||
CVE-2017-0375 | 1 Torproject | 1 Tor | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. | |||||
CVE-2017-0376 | 2 Debian, Torproject | 2 Debian Linux, Tor | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit. | |||||
CVE-2019-13075 | 1 Torproject | 1 Tor Browser | 2019-07-08 | 5.0 MEDIUM | 5.3 MEDIUM |
Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68. | |||||
CVE-2018-0490 | 2 Debian, Torproject | 2 Debian Linux, Tor | 2019-04-30 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting. | |||||
CVE-2018-0491 | 1 Torproject | 1 Tor | 2019-03-26 | 5.0 MEDIUM | 7.5 HIGH |
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list. | |||||
CVE-2017-16639 | 2 Microsoft, Torproject | 2 Windows, Tor Browser | 2018-11-26 | 4.3 MEDIUM | 4.3 MEDIUM |
Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability. | |||||
CVE-2016-1254 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Leap and 3 more | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. | |||||
CVE-2016-9079 | 5 Debian, Microsoft, Mozilla and 2 more | 12 Debian Linux, Windows, Firefox and 9 more | 2018-08-09 | 5.0 MEDIUM | 7.5 HIGH |
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. | |||||
CVE-2017-0380 | 1 Torproject | 1 Tor | 2017-11-05 | 4.3 MEDIUM | 5.9 MEDIUM |
The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit. | |||||
CVE-2012-5573 | 1 Torproject | 1 Tor | 2017-08-28 | 5.0 MEDIUM | N/A |
The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control restrictions via a RELAY_COMMAND_SENDME command. | |||||
CVE-2017-0377 | 1 Torproject | 1 Tor | 2017-07-14 | 5.0 MEDIUM | 7.5 HIGH |
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families. | |||||
CVE-2016-8860 | 1 Torproject | 1 Tor | 2017-06-30 | 5.0 MEDIUM | 7.5 HIGH |
Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data. | |||||
CVE-2014-5117 | 1 Torproject | 1 Tor | 2017-01-06 | 5.8 MEDIUM | N/A |
Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names. | |||||
CVE-2012-2250 | 1 Torproject | 1 Tor | 2014-02-21 | 5.0 MEDIUM | N/A |
Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly. | |||||
CVE-2012-2249 | 1 Torproject | 1 Tor | 2014-02-21 | 5.0 MEDIUM | N/A |
Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol. | |||||
CVE-2013-7295 | 1 Torproject | 1 Tor | 2014-02-11 | 4.0 MEDIUM | N/A |
Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors. | |||||
CVE-2012-4922 | 1 Torproject | 1 Tor | 2013-08-21 | 5.0 MEDIUM | N/A |
The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419. | |||||
CVE-2012-4419 | 1 Torproject | 1 Tor | 2013-08-21 | 5.0 MEDIUM | N/A |
The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison. |