Search...

Fedora Update for tor FEDORA-2011-0650

2011-06-10T00:00:00

ID OPENVAS:863130
Type openvas
Reporter Copyright (c) 2011 Greenbone Networks GmbH
Modified 2017-07-10T00:00:00

Description

Check for the Version of tor

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for tor FEDORA-2011-0650
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "Tor is a connection-based low-latency anonymous communication system.

  Applications connect to the local Tor proxy using the SOCKS protocol. The
  local proxy chooses a path through a set of relays, in which each relay
  knows its predecessor and successor, but no others. Traffic flowing down
  the circuit is unwrapped by a symmetric key at each relay, which reveals
  the downstream relay.
  
  Warnings: Tor does no protocol cleaning.  That means there is a danger
  that application protocols and associated programs can be induced to
  reveal information about the initiator. Tor depends on Privoxy and
  similar protocol cleaners to solve this problem. This is alpha code,
  and is even more likely than released code to have anonymity-spoiling
  bugs. The present network is very small -- this further reduces the
  strength of the anonymity provided. Tor is not presently suitable for
  high-stakes anonymity.";
tag_solution = "Please Install the Updated Packages.";

tag_affected = "tor on Fedora 13";


if(description)
{
  script_xref(name : "URL" , value : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061286.html");
  script_id(863130);
  script_version("$Revision: 6626 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $");
  script_tag(name:"creation_date", value:"2011-06-10 16:29:51 +0200 (Fri, 10 Jun 2011)");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_xref(name: "FEDORA", value: "2011-0650");
  script_cve_id("CVE-2011-0427", "CVE-2011-0015", "CVE-2011-0016", "CVE-2011-0490", "CVE-2011-0491", "CVE-2011-0492", "CVE-2011-0493");
  script_name("Fedora Update for tor FEDORA-2011-0650");

  script_summary("Check for the Version of tor");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "FC13")
{

  if ((res = isrpmvuln(pkg:"tor", rpm:"tor~0.2.1.29~1300.fc13", rls:"FC13")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:863130", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for tor FEDORA-2011-0650", "description": "Check for the Version of tor", "published": "2011-06-10T00:00:00", "modified": "2017-07-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=863130", "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "references": ["2011-0650", "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061286.html"], "cvelist": ["CVE-2011-0493", "CVE-2011-0016", "CVE-2011-0491", "CVE-2011-0492", "CVE-2011-0015", "CVE-2011-0427", "CVE-2011-0490"], "lastseen": "2017-07-25T10:55:38", "viewCount": 0, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2017-07-25T10:55:38", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["FEDORA_2011-7972.NASL", "GENTOO_GLSA-201110-13.NASL", "FREEBSD_PKG_38BDF10E229311E0BFA4001676740879.NASL", "FEDORA_2011-0642.NASL", "FEDORA_2011-0650.NASL", "DEBIAN_DSA-2148.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:863090", "OPENVAS:863202", "OPENVAS:136141256231070776", "OPENVAS:136141256231068986", "OPENVAS:136141256231068817", "OPENVAS:1361412562310863202", "OPENVAS:70776", "OPENVAS:68986", "OPENVAS:1361412562310863090", "OPENVAS:1361412562310863130"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11359", "SECURITYVULNS:DOC:25506"]}, {"type": "gentoo", "idList": ["GLSA-201110-13"]}, {"type": "cve", "idList": ["CVE-2011-0493", "CVE-2011-0015", "CVE-2011-0490", "CVE-2011-0650", "CVE-2011-0427", "CVE-2011-0491", "CVE-2011-0016", "CVE-2011-0492"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2148-1:EB706"]}, {"type": "freebsd", "idList": ["38BDF10E-2293-11E0-BFA4-001676740879"]}], "modified": "2017-07-25T10:55:38", "rev": 2}, "vulnersScore": 6.4}, "pluginID": "863130", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tor FEDORA-2011-0650\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tor is a connection-based low-latency anonymous communication system.\n\n Applications connect to the local Tor proxy using the SOCKS protocol. The\n local proxy chooses a path through a set of relays, in which each relay\n knows its predecessor and successor, but no others. Traffic flowing down\n the circuit is unwrapped by a symmetric key at each relay, which reveals\n the downstream relay.\n \n Warnings: Tor does no protocol cleaning. That means there is a danger\n that application protocols and associated programs can be induced to\n reveal information about the initiator. Tor depends on Privoxy and\n similar protocol cleaners to solve this problem. This is alpha code,\n and is even more likely than released code to have anonymity-spoiling\n bugs. The present network is very small -- this further reduces the\n strength of the anonymity provided. Tor is not presently suitable for\n high-stakes anonymity.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tor on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061286.html\");\n script_id(863130);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-10 16:29:51 +0200 (Fri, 10 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-0650\");\n script_cve_id(\"CVE-2011-0427\", \"CVE-2011-0015\", \"CVE-2011-0016\", \"CVE-2011-0490\", \"CVE-2011-0491\", \"CVE-2011-0492\", \"CVE-2011-0493\");\n script_name(\"Fedora Update for tor FEDORA-2011-0650\");\n\n script_summary(\"Check for the Version of tor\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"tor\", rpm:\"tor~0.2.1.29~1300.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}

{"openvas": [{"lastseen": "2017-07-25T10:55:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0493", "CVE-2011-0016", "CVE-2011-0491", "CVE-2011-0492", "CVE-2011-0015", "CVE-2011-0427", "CVE-2011-0490"], "description": "Check for the Version of tor", "modified": "2017-07-10T00:00:00", "published": "2011-05-17T00:00:00", "id": "OPENVAS:863090", "href": "http://plugins.openvas.org/nasl.php?oid=863090", "type": "openvas", "title": "Fedora Update for tor FEDORA-2011-0642", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tor FEDORA-2011-0642\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tor is a connection-based low-latency anonymous communication system.\n\n Applications connect to the local Tor proxy using the SOCKS protocol. The\n local proxy chooses a path through a set of relays, in which each relay\n knows its predecessor and successor, but no others. Traffic flowing down\n the circuit is unwrapped by a symmetric key at each relay, which reveals\n the downstream relay.\n \n Warnings: Tor does no protocol cleaning. That means there is a danger\n that application protocols and associated programs can be induced to\n reveal information about the initiator. Tor depends on Privoxy and\n similar protocol cleaners to solve this problem. This is alpha code,\n and is even more likely than released code to have anonymity-spoiling\n bugs. The present network is very small -- this further reduces the\n strength of the anonymity provided. Tor is not presently suitable for\n high-stakes anonymity.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tor on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060123.html\");\n script_id(863090);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-17 15:58:48 +0200 (Tue, 17 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-0642\");\n script_cve_id(\"CVE-2011-0427\", \"CVE-2011-0015\", \"CVE-2011-0016\", \"CVE-2011-0490\", \"CVE-2011-0491\", \"CVE-2011-0492\", \"CVE-2011-0493\");\n script_name(\"Fedora Update for tor FEDORA-2011-0642\");\n\n script_summary(\"Check for the Version of tor\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"tor\", rpm:\"tor~0.2.1.29~1400.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0493", "CVE-2011-0016", "CVE-2011-0491", "CVE-2011-0492", "CVE-2011-0015", "CVE-2011-0427", "CVE-2011-0490"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-05-17T00:00:00", "id": "OPENVAS:1361412562310863090", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863090", "type": "openvas", "title": "Fedora Update for tor FEDORA-2011-0642", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tor FEDORA-2011-0642\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060123.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863090\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-17 15:58:48 +0200 (Tue, 17 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-0642\");\n script_cve_id(\"CVE-2011-0427\", \"CVE-2011-0015\", \"CVE-2011-0016\", \"CVE-2011-0490\", \"CVE-2011-0491\", \"CVE-2011-0492\", \"CVE-2011-0493\");\n script_name(\"Fedora Update for tor FEDORA-2011-0642\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tor'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"tor on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"tor\", rpm:\"tor~0.2.1.29~1400.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0493", "CVE-2011-0016", "CVE-2011-0491", "CVE-2011-0492", "CVE-2011-0015", "CVE-2011-0427", "CVE-2011-0490"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-06-10T00:00:00", "id": "OPENVAS:1361412562310863130", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863130", "type": "openvas", "title": "Fedora Update for tor FEDORA-2011-0650", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tor FEDORA-2011-0650\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061286.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863130\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-10 16:29:51 +0200 (Fri, 10 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-0650\");\n script_cve_id(\"CVE-2011-0427\", \"CVE-2011-0015\", \"CVE-2011-0016\", \"CVE-2011-0490\", \"CVE-2011-0491\", \"CVE-2011-0492\", \"CVE-2011-0493\");\n script_name(\"Fedora Update for tor FEDORA-2011-0650\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tor'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"tor on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"tor\", rpm:\"tor~0.2.1.29~1300.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:51:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0493", "CVE-2011-0016", "CVE-2011-0491", "CVE-2011-1924", "CVE-2011-0492", "CVE-2011-0015", "CVE-2011-0427", "CVE-2011-0490"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-13.", "modified": "2017-07-07T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:70776", "href": "http://plugins.openvas.org/nasl.php?oid=70776", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201110-13 (Tor)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in Tor, the most severe of\n which may allow a remote attacker to execute arbitrary code.\";\ntag_solution = \"All Tor users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/tor-0.2.1.30'\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since April 2, 2011. It is likely that your system is\nalready\n no longer affected by this issue.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-13\nhttp://bugs.gentoo.org/show_bug.cgi?id=351920\nhttp://bugs.gentoo.org/show_bug.cgi?id=359789\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201110-13.\";\n\n \n \nif(description)\n{\n script_id(70776);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-0015\", \"CVE-2011-0016\", \"CVE-2011-0427\", \"CVE-2011-0490\", \"CVE-2011-0491\", \"CVE-2011-0492\", \"CVE-2011-0493\", \"CVE-2011-1924\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:39 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-13 (Tor)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-misc/tor\", unaffected: make_list(\"ge 0.2.1.30\"), vulnerable: make_list(\"lt 0.2.1.30\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0493", "CVE-2011-0016", "CVE-2011-0491", "CVE-2011-1924", "CVE-2011-0492", "CVE-2011-0015", "CVE-2011-0427", "CVE-2011-0490"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-13.", "modified": "2018-10-12T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:136141256231070776", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070776", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201110-13 (Tor)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201110_13.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70776\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-0015\", \"CVE-2011-0016\", \"CVE-2011-0427\", \"CVE-2011-0490\", \"CVE-2011-0491\", \"CVE-2011-0492\", \"CVE-2011-0493\", \"CVE-2011-1924\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:39 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-13 (Tor)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in Tor, the most severe of\n which may allow a remote attacker to execute arbitrary code.\");\n script_tag(name:\"solution\", value:\"All Tor users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/tor-0.2.1.30'\n\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since April 2, 2011. It is likely that your system is\nalready\n no longer affected by this issue.\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-13\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=351920\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=359789\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201110-13.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-misc/tor\", unaffected: make_list(\"ge 0.2.1.30\"), vulnerable: make_list(\"lt 0.2.1.30\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0427"], "description": "Check for the Version of tor", "modified": "2017-07-10T00:00:00", "published": "2011-06-10T00:00:00", "id": "OPENVAS:863202", "href": "http://plugins.openvas.org/nasl.php?oid=863202", "type": "openvas", "title": "Fedora Update for tor FEDORA-2011-7972", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tor FEDORA-2011-7972\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tor is a connection-based low-latency anonymous communication system.\n\n Applications connect to the local Tor proxy using the SOCKS protocol. The\n local proxy chooses a path through a set of relays, in which each relay\n knows its predecessor and successor, but no others. Traffic flowing down\n the circuit is unwrapped by a symmetric key at each relay, which reveals\n the downstream relay.\n \n Warnings: Tor does no protocol cleaning. That means there is a danger\n that application protocols and associated programs can be induced to\n reveal information about the initiator. Tor depends on Privoxy and\n similar protocol cleaners to solve this problem. This is alpha code,\n and is even more likely than released code to have anonymity-spoiling\n bugs. The present network is very small -- this further reduces the\n strength of the anonymity provided. Tor is not presently suitable for\n high-stakes anonymity.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tor on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061258.html\");\n script_id(863202);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-10 16:29:51 +0200 (Fri, 10 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-7972\");\n script_cve_id(\"CVE-2011-0427\");\n script_name(\"Fedora Update for tor FEDORA-2011-7972\");\n\n script_summary(\"Check for the Version of tor\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"tor\", rpm:\"tor~0.2.1.30~1400.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0427"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2011-01-24T00:00:00", "id": "OPENVAS:136141256231068817", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068817", "type": "openvas", "title": "FreeBSD Ports: tor", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_tor5.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 38bdf10e-2293-11e0-bfa4-001676740879\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68817\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 17:55:59 +0100 (Mon, 24 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-0427\");\n script_bugtraq_id(45832);\n script_name(\"FreeBSD Ports: tor\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n tor\n tor-devel\n\nCVE-2011-0427\nHeap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before\n0.2.2.21-alpha allows remote attackers to cause a denial of service\n(memory corruption and application crash) or possibly execute\narbitrary code via unspecified vectors.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"https://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog\");\n script_xref(name:\"URL\", value:\"https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ChangeLog\");\n script_xref(name:\"URL\", value:\"http://archives.seul.org/or/announce/Jan-2011/msg00000.html\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/38bdf10e-2293-11e0-bfa4-001676740879.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"tor\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.2.1.29\")<0) {\n txt += 'Package tor version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"tor-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.2.2.21.a\")<0) {\n txt += 'Package tor-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0427"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-06-10T00:00:00", "id": "OPENVAS:1361412562310863202", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863202", "type": "openvas", "title": "Fedora Update for tor FEDORA-2011-7972", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tor FEDORA-2011-7972\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061258.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863202\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-10 16:29:51 +0200 (Fri, 10 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-7972\");\n script_cve_id(\"CVE-2011-0427\");\n script_name(\"Fedora Update for tor FEDORA-2011-7972\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tor'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"tor on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"tor\", rpm:\"tor~0.2.1.30~1400.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:55:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0427"], "description": "The remote host is missing an update to tor\nannounced via advisory DSA 2148-1.", "modified": "2017-07-07T00:00:00", "published": "2011-03-07T00:00:00", "id": "OPENVAS:68986", "href": "http://plugins.openvas.org/nasl.php?oid=68986", "type": "openvas", "title": "Debian Security Advisory DSA 2148-1 (tor)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2148_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2148-1 (tor)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The developers of Tor, an anonymizing overlay network for TCP, found\nthree security issues during a security audit. A heap overflow allowed\nthe execution of arbitrary code (CVE-2011-0427), a denial of service\nvulnerability was found in the zlib compression handling and some key\nmemory was incorrectly zeroed out before being freed. The latter two\nissues do not yet have CVE identifiers assigned. The Debian Security\nTracker will be updated once they're available:\nhttp://security-tracker.debian.org/tracker/source-package/tor\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.2.1.29-1~lenny+1.\n\nFor the testing distribution (squeeze) and the unstable distribution (sid),\nthis problem has been fixed in version 0.2.1.29-1.\n\nFor the experimental distribution, this problem has been fixed in\nversion 0.2.2.21-alpha-1.\n\nWe recommend that you upgrade your tor packages.\";\ntag_summary = \"The remote host is missing an update to tor\nannounced via advisory DSA 2148-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202148-1\";\n\n\nif(description)\n{\n script_id(68986);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 16:04:02 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-0427\");\n script_name(\"Debian Security Advisory DSA 2148-1 (tor)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tor\", ver:\"0.2.1.29-1~lenny+1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tor-dbg\", ver:\"0.2.1.29-1~lenny+1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tor-geoipdb\", ver:\"0.2.1.29-1~lenny+1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tor\", ver:\"0.2.1.29-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tor-dbg\", ver:\"0.2.1.29-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tor-geoipdb\", ver:\"0.2.1.29-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:13:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0427"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-25T00:00:00", "published": "2011-01-24T00:00:00", "id": "OPENVAS:68817", "href": "http://plugins.openvas.org/nasl.php?oid=68817", "type": "openvas", "title": "FreeBSD Ports: tor", "sourceData": "#\n#VID 38bdf10e-2293-11e0-bfa4-001676740879\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 38bdf10e-2293-11e0-bfa4-001676740879\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n tor\n tor-devel\n\nCVE-2011-0427\nHeap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before\n0.2.2.21-alpha allows remote attackers to cause a denial of service\n(memory corruption and application crash) or possibly execute\narbitrary code via unspecified vectors.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttps://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog\nhttps://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ChangeLog\nhttp://archives.seul.org/or/announce/Jan-2011/msg00000.html\nhttp://www.vuxml.org/freebsd/38bdf10e-2293-11e0-bfa4-001676740879.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(68817);\n script_version(\"$Revision: 5424 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 17:55:59 +0100 (Mon, 24 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-0427\");\n script_bugtraq_id(45832);\n script_name(\"FreeBSD Ports: tor\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"tor\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.2.1.29\")<0) {\n txt += 'Package tor version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"tor-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.2.2.21.a\")<0) {\n txt += 'Package tor-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-12T10:08:59", "description": " - Mon Jan 17 2011 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.29-1300\n\n - updated to 0.2.1.29 (SECURITY)\n\n - CVE-2011-0427: heap overflow bug, potential remote\n code execution\n\n - Tue Dec 21 2010 Luke Macken <lmacken at redhat.com> -\n 0.2.1.28-1300\n\n - updated to 0.2.1.28 (SECURITY: fixes a remotely\n exploitable heap overflow bug)\n\n - Fri Nov 26 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.27-1300\n\n - updated to 0.2.1.27\n\n - work around broken chkconfig by adding dummy\n Default-Start: in -lsb (#647512)\n\n - Fri Nov 26 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de>\n\n - fixed 'limit' statement in upstart script\n\n - Tue Jun 1 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.26-1300\n\n - updated to 0.2.1.26\n\n - removed workaround to install lsb initscript because\n parts of the underlying problem have been fixed in\n redhat-lsb and the remaining ones were solved by\n previous commit\n\n - Tue Jun 1 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.25-1301\n\n - removed $local_fs dependency in -lsb initscript to\n workaround buggy redhat-lsb; $remote_fs should imply\n it\n\n - Thu Mar 18 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.25-1300\n\n - updated to 0.2.1.25\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-06-09T00:00:00", "title": "Fedora 13 : tor-0.2.1.29-1300.fc13 (2011-0650)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0493", "CVE-2011-0016", "CVE-2011-0491", "CVE-2011-0492", "CVE-2011-0015", "CVE-2011-0427", "CVE-2011-0490"], "modified": "2011-06-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:tor"], "id": "FEDORA_2011-0650.NASL", "href": "https://www.tenable.com/plugins/nessus/55002", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-0650.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55002);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0015\", \"CVE-2011-0016\", \"CVE-2011-0427\", \"CVE-2011-0490\", \"CVE-2011-0491\", \"CVE-2011-0492\", \"CVE-2011-0493\");\n script_bugtraq_id(45832, 45953);\n script_xref(name:\"FEDORA\", value:\"2011-0650\");\n\n script_name(english:\"Fedora 13 : tor-0.2.1.29-1300.fc13 (2011-0650)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Jan 17 2011 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.29-1300\n\n - updated to 0.2.1.29 (SECURITY)\n\n - CVE-2011-0427: heap overflow bug, potential remote\n code execution\n\n - Tue Dec 21 2010 Luke Macken <lmacken at redhat.com> -\n 0.2.1.28-1300\n\n - updated to 0.2.1.28 (SECURITY: fixes a remotely\n exploitable heap overflow bug)\n\n - Fri Nov 26 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.27-1300\n\n - updated to 0.2.1.27\n\n - work around broken chkconfig by adding dummy\n Default-Start: in -lsb (#647512)\n\n - Fri Nov 26 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de>\n\n - fixed 'limit' statement in upstart script\n\n - Tue Jun 1 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.26-1300\n\n - updated to 0.2.1.26\n\n - removed workaround to install lsb initscript because\n parts of the underlying problem have been fixed in\n redhat-lsb and the remaining ones were solved by\n previous commit\n\n - Tue Jun 1 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.25-1301\n\n - removed $local_fs dependency in -lsb initscript to\n workaround buggy redhat-lsb; $remote_fs should imply\n it\n\n - Thu Mar 18 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.25-1300\n\n - updated to 0.2.1.25\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=671259\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-June/061286.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?204d659a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tor package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"tor-0.2.1.29-1300.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tor\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:58", "description": " - Mon Jan 17 2011 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.29-1400\n\n - updated to 0.2.1.29 (SECURITY)\n\n - CVE-2011-0427: heap overflow bug, potential remote\n code execution\n\n - Tue Dec 21 2010 Luke Macken <lmacken at redhat.com> -\n 0.2.1.28-1400\n\n - updated to 0.2.1.28 (SECURITY: fixes a remotely\n exploitable heap overflow bug)\n\n - Fri Nov 26 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.27-1400\n\n - updated to 0.2.1.27\n\n - work around broken chkconfig by adding dummy\n Default-Start: in -lsb (#647512)\n\n - Fri Nov 26 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.26-1401\n\n - fixed 'limit' statement in upstart script\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2011-05-16T00:00:00", "title": "Fedora 14 : tor-0.2.1.29-1400.fc14 (2011-0642)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0493", "CVE-2011-0016", "CVE-2011-0491", "CVE-2011-0492", "CVE-2011-0015", "CVE-2011-0427", "CVE-2011-0490"], "modified": "2011-05-16T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:tor"], "id": "FEDORA_2011-0642.NASL", "href": "https://www.tenable.com/plugins/nessus/53901", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-0642.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53901);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0015\", \"CVE-2011-0016\", \"CVE-2011-0427\", \"CVE-2011-0490\", \"CVE-2011-0491\", \"CVE-2011-0492\", \"CVE-2011-0493\");\n script_bugtraq_id(45832, 45953);\n script_xref(name:\"FEDORA\", value:\"2011-0642\");\n\n script_name(english:\"Fedora 14 : tor-0.2.1.29-1400.fc14 (2011-0642)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Jan 17 2011 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.29-1400\n\n - updated to 0.2.1.29 (SECURITY)\n\n - CVE-2011-0427: heap overflow bug, potential remote\n code execution\n\n - Tue Dec 21 2010 Luke Macken <lmacken at redhat.com> -\n 0.2.1.28-1400\n\n - updated to 0.2.1.28 (SECURITY: fixes a remotely\n exploitable heap overflow bug)\n\n - Fri Nov 26 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.27-1400\n\n - updated to 0.2.1.27\n\n - work around broken chkconfig by adding dummy\n Default-Start: in -lsb (#647512)\n\n - Fri Nov 26 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.26-1401\n\n - fixed 'limit' statement in upstart script\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=671259\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-May/060123.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9ba2cee8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tor package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"tor-0.2.1.29-1400.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tor\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:50", "description": "The remote host is affected by the vulnerability described in GLSA-201110-13\n(Tor: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Tor. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote unauthenticated attacker may be able to execute arbitrary code\n with the privileges of the Tor process or create a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2011-10-19T00:00:00", "title": "GLSA-201110-13 : Tor: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0493", "CVE-2011-0016", "CVE-2011-0491", "CVE-2011-1924", "CVE-2011-0492", "CVE-2011-0015", "CVE-2011-0427", "CVE-2011-0490"], "modified": "2011-10-19T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:tor", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201110-13.NASL", "href": "https://www.tenable.com/plugins/nessus/56549", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201110-13.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56549);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-0015\", \"CVE-2011-0016\", \"CVE-2011-0427\", \"CVE-2011-0490\", \"CVE-2011-0491\", \"CVE-2011-0492\", \"CVE-2011-0493\", \"CVE-2011-1924\");\n script_bugtraq_id(45832, 45953, 46618);\n script_xref(name:\"GLSA\", value:\"201110-13\");\n\n script_name(english:\"GLSA-201110-13 : Tor: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201110-13\n(Tor: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Tor. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote unauthenticated attacker may be able to execute arbitrary code\n with the privileges of the Tor process or create a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201110-13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Tor users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/tor-0.2.1.30'\n NOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since April 2, 2011. It is likely that your system is already\n no longer affected by this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/tor\", unaffected:make_list(\"ge 0.2.1.30\"), vulnerable:make_list(\"lt 0.2.1.30\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Tor\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:46:14", "description": "The developers of Tor, an anonymizing overlay network for TCP, found\nthree security issues during a security audit. A heap overflow allowed\nthe execution of arbitrary code (CVE-2011-0427 ), a denial of service\nvulnerability was found in the zlib compression handling and some key\nmemory was incorrectly zeroed out before being freed. The latter two\nissues do not yet have CVE identifiers assigned. The Debian Security\nTracker will be updated once they're available:\nhttps://security-tracker.debian.org/tracker/source-package/tor", "edition": 18, "published": "2011-01-18T00:00:00", "title": "Debian DSA-2148-1 : tor - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0427"], "modified": "2011-01-18T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tor", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2148.NASL", "href": "https://www.tenable.com/plugins/nessus/51559", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2148. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51559);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0427\");\n script_xref(name:\"DSA\", value:\"2148\");\n\n script_name(english:\"Debian DSA-2148-1 : tor - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The developers of Tor, an anonymizing overlay network for TCP, found\nthree security issues during a security audit. A heap overflow allowed\nthe execution of arbitrary code (CVE-2011-0427 ), a denial of service\nvulnerability was found in the zlib compression handling and some key\nmemory was incorrectly zeroed out before being freed. The latter two\nissues do not yet have CVE identifiers assigned. The Debian Security\nTracker will be updated once they're available:\nhttps://security-tracker.debian.org/tracker/source-package/tor\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0427\"\n );\n # https://security-tracker.debian.org/tracker/source-package/source-package/tor\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f1a39dcf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2148\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tor packages.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.2.1.29-1~lenny+1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"tor\", reference:\"0.2.1.29-1~lenny+1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:41:25", "description": "The Tor Project reports :\n\nA remote heap overflow vulnerability that can allow remote code\nexecution. Other fixes address a variety of assert and crash bugs,\nmost of which we think are hard to exploit remotely. All Tor users\nshould upgrade.", "edition": 24, "published": "2011-01-18T00:00:00", "title": "FreeBSD : tor -- remote code execution and crash (38bdf10e-2293-11e0-bfa4-001676740879)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0427"], "modified": "2011-01-18T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:tor-devel", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:tor"], "id": "FREEBSD_PKG_38BDF10E229311E0BFA4001676740879.NASL", "href": "https://www.tenable.com/plugins/nessus/51560", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51560);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-0427\");\n script_bugtraq_id(45832);\n\n script_name(english:\"FreeBSD : tor -- remote code execution and crash (38bdf10e-2293-11e0-bfa4-001676740879)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Tor Project reports :\n\nA remote heap overflow vulnerability that can allow remote code\nexecution. Other fixes address a variety of assert and crash bugs,\nmost of which we think are hard to exploit remotely. All Tor users\nshould upgrade.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=154099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://archives.seul.org/or/announce/Jan-2011/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ChangeLog\"\n );\n # https://vuxml.freebsd.org/freebsd/38bdf10e-2293-11e0-bfa4-001676740879.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2cab108c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tor<0.2.1.29\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tor-devel<0.2.2.21.a\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:42", "description": " - Thu Mar 17 2011 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.30-1400\n\n - updated to 0.2.1.30\n\n - Mon Jan 17 2011 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.29-1400\n\n - updated to 0.2.1.29 (SECURITY)\n\n - CVE-2011-0427: heap overflow bug, potential remote\n code execution\n\n - Tue Dec 21 2010 Luke Macken <lmacken at redhat.com> -\n 0.2.1.28-1400\n\n - updated to 0.2.1.28 (SECURITY: fixes a remotely\n exploitable heap overflow bug)\n\n - Fri Nov 26 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.27-1400\n\n - updated to 0.2.1.27\n\n - work around broken chkconfig by adding dummy\n Default-Start: in -lsb (#647512)\n\n - Fri Nov 26 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.26-1401\n\n - fixed 'limit' statement in upstart script\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2011-06-07T00:00:00", "title": "Fedora 14 : tor-0.2.1.30-1400.fc14 (2011-7972)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1924", "CVE-2011-0427"], "modified": "2011-06-07T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:tor"], "id": "FEDORA_2011-7972.NASL", "href": "https://www.tenable.com/plugins/nessus/54981", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-7972.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54981);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1924\");\n script_bugtraq_id(46618);\n script_xref(name:\"FEDORA\", value:\"2011-7972\");\n\n script_name(english:\"Fedora 14 : tor-0.2.1.30-1400.fc14 (2011-7972)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Mar 17 2011 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.30-1400\n\n - updated to 0.2.1.30\n\n - Mon Jan 17 2011 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.29-1400\n\n - updated to 0.2.1.29 (SECURITY)\n\n - CVE-2011-0427: heap overflow bug, potential remote\n code execution\n\n - Tue Dec 21 2010 Luke Macken <lmacken at redhat.com> -\n 0.2.1.28-1400\n\n - updated to 0.2.1.28 (SECURITY: fixes a remotely\n exploitable heap overflow bug)\n\n - Fri Nov 26 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.27-1400\n\n - updated to 0.2.1.27\n\n - work around broken chkconfig by adding dummy\n Default-Start: in -lsb (#647512)\n\n - Fri Nov 26 2010 Enrico Scholz <enrico.scholz at\n informatik.tu-chemnitz.de> - 0.2.1.26-1401\n\n - fixed 'limit' statement in upstart script\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=705194\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-June/061258.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee118a89\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tor package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"tor-0.2.1.30-1400.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tor\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0015", "CVE-2011-0016", "CVE-2011-0427", "CVE-2011-0491", "CVE-2011-0492", "CVE-2011-0493"], "description": "Tor is a connection-based low-latency anonymous communication system. Applications connect to the local Tor proxy using the SOCKS protocol. The local proxy chooses a path through a set of relays, in which each relay knows its predecessor and successor, but no others. Traffic flowing down the circuit is unwrapped by a symmetric key at each relay, which reveals the downstream relay. Warnings: Tor does no protocol cleaning. That means there is a danger that application protocols and associated programs can be induced to reveal information about the initiator. Tor depends on Privoxy and similar protocol cleaners to solve this problem. This is alpha code, and is even more likely than released code to have anonymity-spoiling bugs. The present network is very small -- this further reduces the strength of the anonymity provided. Tor is not presently suitable for high-stakes anonymity. ", "modified": "2011-06-08T23:59:16", "published": "2011-06-08T23:59:16", "id": "FEDORA:32EB810F991", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: tor-0.2.1.29-1300.fc13", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0015", "CVE-2011-0016", "CVE-2011-0427", "CVE-2011-0491", "CVE-2011-0492", "CVE-2011-0493"], "description": "Tor is a connection-based low-latency anonymous communication system. Applications connect to the local Tor proxy using the SOCKS protocol. The local proxy chooses a path through a set of relays, in which each relay knows its predecessor and successor, but no others. Traffic flowing down the circuit is unwrapped by a symmetric key at each relay, which reveals the downstream relay. Warnings: Tor does no protocol cleaning. That means there is a danger that application protocols and associated programs can be induced to reveal information about the initiator. Tor depends on Privoxy and similar protocol cleaners to solve this problem. This is alpha code, and is even more likely than released code to have anonymity-spoiling bugs. The present network is very small -- this further reduces the strength of the anonymity provided. Tor is not presently suitable for high-stakes anonymity. ", "modified": "2011-05-13T23:12:03", "published": "2011-05-13T23:12:03", "id": "FEDORA:7F0061114EB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: tor-0.2.1.29-1400.fc14", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0427"], "description": "Tor is a connection-based low-latency anonymous communication system. Applications connect to the local Tor proxy using the SOCKS protocol. The local proxy chooses a path through a set of relays, in which each relay knows its predecessor and successor, but no others. Traffic flowing down the circuit is unwrapped by a symmetric key at each relay, which reveals the downstream relay. Warnings: Tor does no protocol cleaning. That means there is a danger that application protocols and associated programs can be induced to reveal information about the initiator. Tor depends on Privoxy and similar protocol cleaners to solve this problem. This is alpha code, and is even more likely than released code to have anonymity-spoiling bugs. The present network is very small -- this further reduces the strength of the anonymity provided. Tor is not presently suitable for high-stakes anonymity. ", "modified": "2011-06-07T04:41:17", "published": "2011-06-07T04:41:17", "id": "FEDORA:2EDC310F8A9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: tor-0.2.1.30-1400.fc14", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:45", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0493", "CVE-2011-0016", "CVE-2011-0491", "CVE-2011-1924", "CVE-2011-0492", "CVE-2011-0015", "CVE-2011-0427", "CVE-2011-0490"], "edition": 1, "description": "### Background\n\nTor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote unauthenticated attacker may be able to execute arbitrary code with the privileges of the Tor process or create a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Tor users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/tor-0.2.1.30\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 2, 2011. It is likely that your system is already no longer affected by this issue.", "modified": "2011-10-18T00:00:00", "published": "2011-10-18T00:00:00", "id": "GLSA-201110-13", "href": "https://security.gentoo.org/glsa/201110-13", "type": "gentoo", "title": "Tor: Multiple vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:40", "bulletinFamily": "software", "cvelist": ["CVE-2011-0493", "CVE-2011-0016", "CVE-2011-0491", "CVE-2011-1924", "CVE-2011-0492", "CVE-2011-0015", "CVE-2011-0427", "CVE-2011-0490"], "description": "Heap buffer overflow, DoS, key information leak.", "edition": 1, "modified": "2011-10-24T00:00:00", "published": "2011-10-24T00:00:00", "id": "SECURITYVULNS:VULN:11359", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11359", "title": "tor multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:38", "bulletinFamily": "software", "cvelist": ["CVE-2011-0427"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2148-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nJanuary 17, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : tor\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2011-0427\r\n\r\nThe developers of Tor, an anonymizing overlay network for TCP, found \r\nthree security issues during a security audit. A heap overflow allowed\r\nthe execution of arbitrary code (CVE-2011-0427), a denial of service\r\nvulnerability was found in the zlib compression handling and some key\r\nmemory was incorrectly zeroed out before being freed. The latter two \r\nissues do not yet have CVE identifiers assigned. The Debian Security\r\nTracker will be updated once they're available:\r\nhttp://security-tracker.debian.org/tracker/source-package/tor\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 0.2.1.29-1~lenny+1.\r\n\r\nFor the testing distribution (squeeze) and the unstable distribution (sid),\r\nthis problem has been fixed in version 0.2.1.29-1.\r\n\r\nFor the experimental distribution, this problem has been fixed in\r\nversion 0.2.2.21-alpha-1.\r\n\r\nWe recommend that you upgrade your tor packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAk00jUQACgkQXm3vHE4uylpElQCdGeCpaq6kGaUtHXwyKbj4WjMe\r\nUk0AoLm9PBi6oSAqFsicw4h6M9y6gCha\r\n=NFbb\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2011-01-19T00:00:00", "published": "2011-01-19T00:00:00", "id": "SECURITYVULNS:DOC:25506", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25506", "title": "[SECURITY] [DSA 2148-1] Security update for tor", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2020-12-09T19:39:04", "description": "Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors related to malformed router caches and improper handling of integer values.", "edition": 5, "cvss3": {}, "published": "2011-01-19T12:00:00", "title": "CVE-2011-0493", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0493"], "modified": "2017-08-17T01:33:00", "cpe": ["cpe:/a:tor:tor:0.2.0.9", "cpe:/a:tor:tor:0.1.0.3", "cpe:/a:tor:tor:0.2.2.1", "cpe:/a:tor:tor:0.1.2.30", "cpe:/a:tor:tor:0.2.0.6", "cpe:/a:tor:tor:0.2.1.23", "cpe:/a:tor:tor:0.1.1.14", "cpe:/a:tor:tor:0.1.0.9", "cpe:/a:tor:tor:0.0.9.6", "cpe:/a:tor:tor:0.1.0.10", "cpe:/a:tor:tor:0.0.2_pre20", "cpe:/a:tor:tor:0.1.2.17", "cpe:/a:tor:tor:0.2.0.1", "cpe:/a:tor:tor:0.0.2_pre19", "cpe:/a:tor:tor:0.2.1.13", "cpe:/a:tor:tor:0.0.9.8", "cpe:/a:tor:tor:0.2.0.22", "cpe:/a:tor:tor:0.1.0.14", "cpe:/a:tor:tor:0.2.0.35", "cpe:/a:tor:tor:0.2.0.19", "cpe:/a:tor:tor:0.2.2.7", "cpe:/a:tor:tor:0.2.1.2", "cpe:/a:tor:tor:0.2.2.9", "cpe:/a:tor:tor:0.2.1.8", "cpe:/a:tor:tor:0.1.0.15", "cpe:/a:tor:tor:0.1.1.6", "cpe:/a:tor:tor:0.0.2_pre26", "cpe:/a:tor:tor:0.0.9.2", "cpe:/a:tor:tor:0.0.9", "cpe:/a:tor:tor:0.2.2.13", "cpe:/a:tor:tor:0.2.1.4", "cpe:/a:tor:tor:0.2.0.27", "cpe:/a:tor:tor:0.0.7.1", "cpe:/a:tor:tor:0.1.0.2", "cpe:/a:tor:tor:0.2.2.2", "cpe:/a:tor:tor:0.0.9.1", "cpe:/a:tor:tor:0.2.2.11", "cpe:/a:tor:tor:0.0.9.7", "cpe:/a:tor:tor:0.2.1.12", "cpe:/a:tor:tor:0.2.1.25", "cpe:/a:tor:tor:0.1.1.9", "cpe:/a:tor:tor:0.2.1.14", "cpe:/a:tor:tor:0.2.0.16", "cpe:/a:tor:tor:0.2.2.17", "cpe:/a:tor:tor:0.2.0.8", "cpe:/a:tor:tor:0.0.2_pre21", "cpe:/a:tor:tor:0.1.1.1", "cpe:/a:tor:tor:0.2.2.10", "cpe:/a:tor:tor:0.1.1.25", "cpe:/a:tor:tor:0.2.2.8", "cpe:/a:tor:tor:0.1.2.7", "cpe:/a:tor:tor:0.1.1.26", "cpe:/a:tor:tor:0.0.2_pre14", "cpe:/a:tor:tor:0.0.3", "cpe:/a:tor:tor:0.0.2_pre15", "cpe:/a:tor:tor:0.0.9.4", "cpe:/a:tor:tor:0.1.2.6", "cpe:/a:tor:tor:0.2.1.7", "cpe:/a:tor:tor:0.0.8.1", "cpe:/a:tor:tor:0.0.6.1", "cpe:/a:tor:tor:0.1.2.15", "cpe:/a:tor:tor:0.1.1.13", "cpe:/a:tor:tor:0.1.1.3", "cpe:/a:tor:tor:0.2.0.34", "cpe:/a:tor:tor:0.1.1.19", "cpe:/a:tor:tor:0.2.0.13", "cpe:/a:tor:tor:0.0.9.5", "cpe:/a:tor:tor:0.2.2.14", "cpe:/a:tor:tor:0.2.0.21", "cpe:/a:tor:tor:0.2.0.12", "cpe:/a:tor:tor:0.1.1.16", "cpe:/a:tor:tor:0.1.2.3", "cpe:/a:tor:tor:0.2.2.20", "cpe:/a:tor:tor:0.0.2", "cpe:/a:tor:tor:0.0.9.10", "cpe:/a:tor:tor:0.2.1.5", "cpe:/a:tor:tor:0.2.0.3", "cpe:/a:tor:tor:0.1.1.12", "cpe:/a:tor:tor:0.2.1.20", "cpe:/a:tor:tor:0.0.9.9", "cpe:/a:tor:tor:0.1.0.7", "cpe:/a:tor:tor:0.1.1.20", "cpe:/a:tor:tor:0.0.2_pre16", "cpe:/a:tor:tor:0.2.0.33", "cpe:/a:tor:tor:0.2.2.19", "cpe:/a:tor:tor:0.2.1.15", "cpe:/a:tor:tor:0.1.1.8", "cpe:/a:tor:tor:0.1.1.5", "cpe:/a:tor:tor:0.2.0.24", "cpe:/a:tor:tor:0.1.0.5", "cpe:/a:tor:tor:0.1.0.8", "cpe:/a:tor:tor:0.2.1.16", "cpe:/a:tor:tor:0.1.0.16", "cpe:/a:tor:tor:0.1.1.23", "cpe:/a:tor:tor:0.2.0.18", "cpe:/a:tor:tor:0.1.0.13", "cpe:/a:tor:tor:0.1.1.7", "cpe:/a:tor:tor:0.2.2.16", "cpe:/a:tor:tor:0.2.1.17", "cpe:/a:tor:tor:0.0.2_pre13", "cpe:/a:tor:tor:0.2.0.4", "cpe:/a:tor:tor:0.2.1.6", "cpe:/a:tor:tor:0.0.8", "cpe:/a:tor:tor:0.1.0.4", "cpe:/a:tor:tor:0.2.0.32", "cpe:/a:tor:tor:0.0.2_pre23", "cpe:/a:tor:tor:0.1.2.14", "cpe:/a:tor:tor:0.1.2.18", "cpe:/a:tor:tor:0.0.6.2", "cpe:/a:tor:tor:0.2.2.15", "cpe:/a:tor:tor:0.2.0.30", "cpe:/a:tor:tor:0.0.7.3", "cpe:/a:tor:tor:0.2.1.27", "cpe:/a:tor:tor:0.1.1.15", "cpe:/a:tor:tor:0.2.2.12", "cpe:/a:tor:tor:0.1.1.11", "cpe:/a:tor:tor:0.1.0.17", "cpe:/a:tor:tor:0.1.1.21", "cpe:/a:tor:tor:0.2.0.2", "cpe:/a:tor:tor:0.1.2.10", "cpe:/a:tor:tor:0.2.2.5", "cpe:/a:tor:tor:0.1.1.10", "cpe:/a:tor:tor:0.1.2.16", "cpe:/a:tor:tor:0.2.1.26", "cpe:/a:tor:tor:0.1.1.2", "cpe:/a:tor:tor:0.0.2_pre27", "cpe:/a:tor:tor:0.1.1", "cpe:/a:tor:tor:0.1.1.22", "cpe:/a:tor:tor:0.2.1.10", "cpe:/a:tor:tor:0.2.1.1", "cpe:/a:tor:tor:0.0.2_pre18", "cpe:/a:tor:tor:0.2.0.20", "cpe:/a:tor:tor:0.2.0.7", "cpe:/a:tor:tor:0.1.2.4", "cpe:/a:tor:tor:0.2.1.11", "cpe:/a:tor:tor:0.1.2.11", "cpe:/a:tor:tor:0.1.2.1", "cpe:/a:tor:tor:0.2.1.9", "cpe:/a:tor:tor:0.0.7", "cpe:/a:tor:tor:0.1.2.9", "cpe:/a:tor:tor:0.0.2_pre22", "cpe:/a:tor:tor:0.0.9.3", "cpe:/a:tor:tor:0.2.0.14", "cpe:/a:tor:tor:0.2.2.18", "cpe:/a:tor:tor:0.2.2.3", "cpe:/a:tor:tor:0.2.1.21", "cpe:/a:tor:tor:0.2.0.31", "cpe:/a:tor:tor:0.0.2_pre25", "cpe:/a:tor:tor:0.2.1.18", "cpe:/a:tor:tor:0.0.2_pre17", "cpe:/a:tor:tor:0.1.0.12", "cpe:/a:tor:tor:0.2.1.22", "cpe:/a:tor:tor:0.1.2.31", "cpe:/a:tor:tor:0.0.4", "cpe:/a:tor:tor:0.1.0.11", "cpe:/a:tor:tor:0.2.0.10", "cpe:/a:tor:tor:0.1.1.4", "cpe:/a:tor:tor:0.2.2.4", "cpe:/a:tor:tor:0.2.0.29", "cpe:/a:tor:tor:0.2.1.3", "cpe:/a:tor:tor:0.1.2.8", "cpe:/a:tor:tor:0.1.2.5", "cpe:/a:tor:tor:0.2.2.6", "cpe:/a:tor:tor:0.0.6", "cpe:/a:tor:tor:0.2.0.23", "cpe:/a:tor:tor:0.2.1.19", "cpe:/a:tor:tor:0.1.2.19", "cpe:/a:tor:tor:0.2.0.11", "cpe:/a:tor:tor:0.2.0.5", "cpe:/a:tor:tor:0.2.0.26", "cpe:/a:tor:tor:0.1.0.6", "cpe:/a:tor:tor:0.2.1.24", "cpe:/a:tor:tor:0.2.0.17", "cpe:/a:tor:tor:0.0.2_pre24", "cpe:/a:tor:tor:0.1.2.13", "cpe:/a:tor:tor:0.1.1.18", "cpe:/a:tor:tor:0.1.0.1", "cpe:/a:tor:tor:0.2.0.28", "cpe:/a:tor:tor:0.2.0.15", "cpe:/a:tor:tor:0.1.1.17", "cpe:/a:tor:tor:0.2.1.28", "cpe:/a:tor:tor:0.2.0.25", "cpe:/a:tor:tor:0.0.7.2", "cpe:/a:tor:tor:0.0.5", "cpe:/a:tor:tor:0.1.2.12", "cpe:/a:tor:tor:0.1.2.2"], "id": "CVE-2011-0493", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0493", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:tor:tor:0.0.2_pre26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.13:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.13:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre27:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.19:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.17:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.28:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.31:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.22:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.30:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.18:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.25:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre24:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.29:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.19:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.23:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.34:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.27:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.31:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.14:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.20:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.28:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.21:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.24:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.24:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.18:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.14:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.8:beta:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.27:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.20:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.15:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.17:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.26:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.15:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.16:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.1:alpha-cvs:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.30:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.32:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.16:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.18:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:04", "description": "The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to \"underflow errors.\"", "edition": 5, "cvss3": {}, "published": "2011-01-19T12:00:00", "title": "CVE-2011-0491", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0491"], "modified": "2017-08-17T01:33:00", "cpe": ["cpe:/a:tor:tor:0.2.0.9", "cpe:/a:tor:tor:0.1.0.3", "cpe:/a:tor:tor:0.2.2.1", "cpe:/a:tor:tor:0.1.2.30", "cpe:/a:tor:tor:0.2.0.6", "cpe:/a:tor:tor:0.2.1.23", "cpe:/a:tor:tor:0.1.1.14", "cpe:/a:tor:tor:0.1.0.9", "cpe:/a:tor:tor:0.0.9.6", "cpe:/a:tor:tor:0.1.0.10", "cpe:/a:tor:tor:0.0.2_pre20", "cpe:/a:tor:tor:0.1.2.17", "cpe:/a:tor:tor:0.2.0.1", "cpe:/a:tor:tor:0.0.2_pre19", "cpe:/a:tor:tor:0.2.1.13", "cpe:/a:tor:tor:0.0.9.8", "cpe:/a:tor:tor:0.2.0.22", "cpe:/a:tor:tor:0.1.0.14", "cpe:/a:tor:tor:0.2.0.35", "cpe:/a:tor:tor:0.2.0.19", "cpe:/a:tor:tor:0.2.2.7", "cpe:/a:tor:tor:0.2.1.2", "cpe:/a:tor:tor:0.2.2.9", "cpe:/a:tor:tor:0.2.1.8", "cpe:/a:tor:tor:0.1.0.15", "cpe:/a:tor:tor:0.1.1.6", "cpe:/a:tor:tor:0.0.2_pre26", "cpe:/a:tor:tor:0.0.9.2", "cpe:/a:tor:tor:0.0.9", "cpe:/a:tor:tor:0.2.2.13", "cpe:/a:tor:tor:0.2.1.4", "cpe:/a:tor:tor:0.2.0.27", "cpe:/a:tor:tor:0.0.7.1", "cpe:/a:tor:tor:0.1.0.2", "cpe:/a:tor:tor:0.2.2.2", "cpe:/a:tor:tor:0.0.9.1", "cpe:/a:tor:tor:0.2.2.11", "cpe:/a:tor:tor:0.0.9.7", "cpe:/a:tor:tor:0.2.1.12", "cpe:/a:tor:tor:0.2.1.25", "cpe:/a:tor:tor:0.1.1.9", "cpe:/a:tor:tor:0.2.1.14", "cpe:/a:tor:tor:0.2.0.16", "cpe:/a:tor:tor:0.2.2.17", "cpe:/a:tor:tor:0.2.0.8", "cpe:/a:tor:tor:0.0.2_pre21", "cpe:/a:tor:tor:0.1.1.1", "cpe:/a:tor:tor:0.2.2.10", "cpe:/a:tor:tor:0.1.1.25", "cpe:/a:tor:tor:0.2.2.8", "cpe:/a:tor:tor:0.1.2.7", "cpe:/a:tor:tor:0.1.1.26", "cpe:/a:tor:tor:0.0.2_pre14", "cpe:/a:tor:tor:0.0.3", "cpe:/a:tor:tor:0.0.2_pre15", "cpe:/a:tor:tor:0.0.9.4", "cpe:/a:tor:tor:0.1.2.6", "cpe:/a:tor:tor:0.2.1.7", "cpe:/a:tor:tor:0.0.8.1", "cpe:/a:tor:tor:0.0.6.1", "cpe:/a:tor:tor:0.1.2.15", "cpe:/a:tor:tor:0.1.1.13", "cpe:/a:tor:tor:0.1.1.3", "cpe:/a:tor:tor:0.2.0.34", "cpe:/a:tor:tor:0.1.1.19", "cpe:/a:tor:tor:0.2.0.13", "cpe:/a:tor:tor:0.0.9.5", "cpe:/a:tor:tor:0.2.2.14", "cpe:/a:tor:tor:0.2.0.21", "cpe:/a:tor:tor:0.2.0.12", "cpe:/a:tor:tor:0.1.1.16", "cpe:/a:tor:tor:0.1.2.3", "cpe:/a:tor:tor:0.2.2.20", "cpe:/a:tor:tor:0.0.2", "cpe:/a:tor:tor:0.0.9.10", "cpe:/a:tor:tor:0.2.1.5", "cpe:/a:tor:tor:0.2.0.3", "cpe:/a:tor:tor:0.1.1.12", "cpe:/a:tor:tor:0.2.1.20", "cpe:/a:tor:tor:0.0.9.9", "cpe:/a:tor:tor:0.1.0.7", "cpe:/a:tor:tor:0.1.1.20", "cpe:/a:tor:tor:0.0.2_pre16", "cpe:/a:tor:tor:0.2.0.33", "cpe:/a:tor:tor:0.2.2.19", "cpe:/a:tor:tor:0.2.1.15", "cpe:/a:tor:tor:0.1.1.8", "cpe:/a:tor:tor:0.1.1.5", "cpe:/a:tor:tor:0.2.0.24", "cpe:/a:tor:tor:0.1.0.5", "cpe:/a:tor:tor:0.1.0.8", "cpe:/a:tor:tor:0.2.1.16", "cpe:/a:tor:tor:0.1.0.16", "cpe:/a:tor:tor:0.1.1.23", "cpe:/a:tor:tor:0.2.0.18", "cpe:/a:tor:tor:0.1.0.13", "cpe:/a:tor:tor:0.1.1.7", "cpe:/a:tor:tor:0.2.2.16", "cpe:/a:tor:tor:0.2.1.17", "cpe:/a:tor:tor:0.0.2_pre13", "cpe:/a:tor:tor:0.2.0.4", "cpe:/a:tor:tor:0.2.1.6", "cpe:/a:tor:tor:0.0.8", "cpe:/a:tor:tor:0.1.0.4", "cpe:/a:tor:tor:0.2.0.32", "cpe:/a:tor:tor:0.0.2_pre23", "cpe:/a:tor:tor:0.1.2.14", "cpe:/a:tor:tor:0.1.2.18", "cpe:/a:tor:tor:0.0.6.2", "cpe:/a:tor:tor:0.2.2.15", "cpe:/a:tor:tor:0.2.0.30", "cpe:/a:tor:tor:0.0.7.3", "cpe:/a:tor:tor:0.2.1.27", "cpe:/a:tor:tor:0.1.1.15", "cpe:/a:tor:tor:0.2.2.12", "cpe:/a:tor:tor:0.1.1.11", "cpe:/a:tor:tor:0.1.0.17", "cpe:/a:tor:tor:0.1.1.21", "cpe:/a:tor:tor:0.2.0.2", "cpe:/a:tor:tor:0.1.2.10", "cpe:/a:tor:tor:0.2.2.5", "cpe:/a:tor:tor:0.1.1.10", "cpe:/a:tor:tor:0.1.2.16", "cpe:/a:tor:tor:0.2.1.26", "cpe:/a:tor:tor:0.1.1.2", "cpe:/a:tor:tor:0.0.2_pre27", "cpe:/a:tor:tor:0.1.1", "cpe:/a:tor:tor:0.1.1.22", "cpe:/a:tor:tor:0.2.1.10", "cpe:/a:tor:tor:0.2.1.1", "cpe:/a:tor:tor:0.0.2_pre18", "cpe:/a:tor:tor:0.2.0.20", "cpe:/a:tor:tor:0.2.0.7", "cpe:/a:tor:tor:0.1.2.4", "cpe:/a:tor:tor:0.2.1.11", "cpe:/a:tor:tor:0.1.2.11", "cpe:/a:tor:tor:0.1.2.1", "cpe:/a:tor:tor:0.2.1.9", "cpe:/a:tor:tor:0.0.7", "cpe:/a:tor:tor:0.1.2.9", "cpe:/a:tor:tor:0.0.2_pre22", "cpe:/a:tor:tor:0.0.9.3", "cpe:/a:tor:tor:0.2.0.14", "cpe:/a:tor:tor:0.2.2.18", "cpe:/a:tor:tor:0.2.2.3", "cpe:/a:tor:tor:0.2.1.21", "cpe:/a:tor:tor:0.2.0.31", "cpe:/a:tor:tor:0.0.2_pre25", "cpe:/a:tor:tor:0.2.1.18", "cpe:/a:tor:tor:0.0.2_pre17", "cpe:/a:tor:tor:0.1.0.12", "cpe:/a:tor:tor:0.2.1.22", "cpe:/a:tor:tor:0.1.2.31", "cpe:/a:tor:tor:0.0.4", "cpe:/a:tor:tor:0.1.0.11", "cpe:/a:tor:tor:0.2.0.10", "cpe:/a:tor:tor:0.1.1.4", "cpe:/a:tor:tor:0.2.2.4", "cpe:/a:tor:tor:0.2.0.29", "cpe:/a:tor:tor:0.2.1.3", "cpe:/a:tor:tor:0.1.2.8", "cpe:/a:tor:tor:0.1.2.5", "cpe:/a:tor:tor:0.2.2.6", "cpe:/a:tor:tor:0.0.6", "cpe:/a:tor:tor:0.2.0.23", "cpe:/a:tor:tor:0.2.1.19", "cpe:/a:tor:tor:0.1.2.19", "cpe:/a:tor:tor:0.2.0.11", "cpe:/a:tor:tor:0.2.0.5", "cpe:/a:tor:tor:0.2.0.26", "cpe:/a:tor:tor:0.1.0.6", "cpe:/a:tor:tor:0.2.1.24", "cpe:/a:tor:tor:0.2.0.17", "cpe:/a:tor:tor:0.0.2_pre24", "cpe:/a:tor:tor:0.1.2.13", "cpe:/a:tor:tor:0.1.1.18", "cpe:/a:tor:tor:0.1.0.1", "cpe:/a:tor:tor:0.2.0.28", "cpe:/a:tor:tor:0.2.0.15", "cpe:/a:tor:tor:0.1.1.17", "cpe:/a:tor:tor:0.2.1.28", "cpe:/a:tor:tor:0.2.0.25", "cpe:/a:tor:tor:0.0.7.2", "cpe:/a:tor:tor:0.0.5", "cpe:/a:tor:tor:0.1.2.12", "cpe:/a:tor:tor:0.1.2.2"], "id": "CVE-2011-0491", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0491", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:tor:tor:0.0.2_pre26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.13:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.13:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre27:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.19:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.17:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.28:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.31:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.22:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.30:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.18:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.25:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre24:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.29:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.19:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.23:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.34:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.27:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.31:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.14:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.20:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.28:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.21:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.24:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.24:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.18:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.14:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.8:beta:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.27:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.20:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.15:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.17:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.26:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.15:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.16:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.1:alpha-cvs:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.30:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.32:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.16:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.18:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:04", "description": "Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages.", "edition": 5, "cvss3": {}, "published": "2011-01-19T12:00:00", "title": "CVE-2011-0490", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0490"], "modified": "2017-08-17T01:33:00", "cpe": ["cpe:/a:tor:tor:0.2.0.9", "cpe:/a:tor:tor:0.1.0.3", "cpe:/a:tor:tor:0.2.2.1", "cpe:/a:tor:tor:0.1.2.30", "cpe:/a:tor:tor:0.2.0.6", "cpe:/a:tor:tor:0.2.1.23", "cpe:/a:tor:tor:0.1.1.14", "cpe:/a:tor:tor:0.1.0.9", "cpe:/a:tor:tor:0.0.9.6", "cpe:/a:tor:tor:0.1.0.10", "cpe:/a:tor:tor:0.0.2_pre20", "cpe:/a:tor:tor:0.1.2.17", "cpe:/a:tor:tor:0.2.0.1", "cpe:/a:tor:tor:0.0.2_pre19", "cpe:/a:tor:tor:0.2.1.13", "cpe:/a:tor:tor:0.0.9.8", "cpe:/a:tor:tor:0.2.0.22", "cpe:/a:tor:tor:0.1.0.14", "cpe:/a:tor:tor:0.2.0.35", "cpe:/a:tor:tor:0.2.0.19", "cpe:/a:tor:tor:0.2.2.7", "cpe:/a:tor:tor:0.2.1.2", "cpe:/a:tor:tor:0.2.2.9", "cpe:/a:tor:tor:0.2.1.8", "cpe:/a:tor:tor:0.1.0.15", "cpe:/a:tor:tor:0.1.1.6", "cpe:/a:tor:tor:0.0.2_pre26", "cpe:/a:tor:tor:0.0.9.2", "cpe:/a:tor:tor:0.0.9", "cpe:/a:tor:tor:0.2.2.13", "cpe:/a:tor:tor:0.2.1.4", "cpe:/a:tor:tor:0.2.0.27", "cpe:/a:tor:tor:0.0.7.1", "cpe:/a:tor:tor:0.1.0.2", "cpe:/a:tor:tor:0.2.2.2", "cpe:/a:tor:tor:0.0.9.1", "cpe:/a:tor:tor:0.2.2.11", "cpe:/a:tor:tor:0.0.9.7", "cpe:/a:tor:tor:0.2.1.12", "cpe:/a:tor:tor:0.2.1.25", "cpe:/a:tor:tor:0.1.1.9", "cpe:/a:tor:tor:0.2.1.14", "cpe:/a:tor:tor:0.2.0.16", "cpe:/a:tor:tor:0.2.2.17", "cpe:/a:tor:tor:0.2.0.8", "cpe:/a:tor:tor:0.0.2_pre21", "cpe:/a:tor:tor:0.1.1.1", "cpe:/a:tor:tor:0.2.2.10", "cpe:/a:tor:tor:0.1.1.25", "cpe:/a:tor:tor:0.2.2.8", "cpe:/a:tor:tor:0.1.2.7", "cpe:/a:tor:tor:0.1.1.26", "cpe:/a:tor:tor:0.0.2_pre14", "cpe:/a:tor:tor:0.0.3", "cpe:/a:tor:tor:0.0.2_pre15", "cpe:/a:tor:tor:0.0.9.4", "cpe:/a:tor:tor:0.1.2.6", "cpe:/a:tor:tor:0.2.1.7", "cpe:/a:tor:tor:0.0.8.1", "cpe:/a:tor:tor:0.0.6.1", "cpe:/a:tor:tor:0.1.2.15", "cpe:/a:tor:tor:0.1.1.13", "cpe:/a:tor:tor:0.1.1.3", "cpe:/a:tor:tor:0.2.0.34", "cpe:/a:tor:tor:0.1.1.19", "cpe:/a:tor:tor:0.2.0.13", "cpe:/a:tor:tor:0.0.9.5", "cpe:/a:tor:tor:0.2.2.14", "cpe:/a:tor:tor:0.2.0.21", "cpe:/a:tor:tor:0.2.0.12", "cpe:/a:tor:tor:0.1.1.16", "cpe:/a:tor:tor:0.1.2.3", "cpe:/a:tor:tor:0.2.2.20", "cpe:/a:tor:tor:0.0.2", "cpe:/a:tor:tor:0.0.9.10", "cpe:/a:tor:tor:0.2.1.5", "cpe:/a:tor:tor:0.2.0.3", "cpe:/a:tor:tor:0.1.1.12", "cpe:/a:tor:tor:0.2.1.20", "cpe:/a:tor:tor:0.0.9.9", "cpe:/a:tor:tor:0.1.0.7", "cpe:/a:tor:tor:0.1.1.20", "cpe:/a:tor:tor:0.0.2_pre16", "cpe:/a:tor:tor:0.2.0.33", "cpe:/a:tor:tor:0.2.2.19", "cpe:/a:tor:tor:0.2.1.15", "cpe:/a:tor:tor:0.1.1.8", "cpe:/a:tor:tor:0.1.1.5", "cpe:/a:tor:tor:0.2.0.24", "cpe:/a:tor:tor:0.1.0.5", "cpe:/a:tor:tor:0.1.0.8", "cpe:/a:tor:tor:0.2.1.16", "cpe:/a:tor:tor:0.1.0.16", "cpe:/a:tor:tor:0.1.1.23", "cpe:/a:tor:tor:0.2.0.18", "cpe:/a:tor:tor:0.1.0.13", "cpe:/a:tor:tor:0.1.1.7", "cpe:/a:tor:tor:0.2.2.16", "cpe:/a:tor:tor:0.2.1.17", "cpe:/a:tor:tor:0.0.2_pre13", "cpe:/a:tor:tor:0.2.0.4", "cpe:/a:tor:tor:0.2.1.6", "cpe:/a:tor:tor:0.0.8", "cpe:/a:tor:tor:0.1.0.4", "cpe:/a:tor:tor:0.2.0.32", "cpe:/a:tor:tor:0.0.2_pre23", "cpe:/a:tor:tor:0.1.2.14", "cpe:/a:tor:tor:0.1.2.18", "cpe:/a:tor:tor:0.0.6.2", "cpe:/a:tor:tor:0.2.2.15", "cpe:/a:tor:tor:0.2.0.30", "cpe:/a:tor:tor:0.0.7.3", "cpe:/a:tor:tor:0.2.1.27", "cpe:/a:tor:tor:0.1.1.15", "cpe:/a:tor:tor:0.2.2.12", "cpe:/a:tor:tor:0.1.1.11", "cpe:/a:tor:tor:0.1.0.17", "cpe:/a:tor:tor:0.1.1.21", "cpe:/a:tor:tor:0.2.0.2", "cpe:/a:tor:tor:0.1.2.10", "cpe:/a:tor:tor:0.2.2.5", "cpe:/a:tor:tor:0.1.1.10", "cpe:/a:tor:tor:0.1.2.16", "cpe:/a:tor:tor:0.2.1.26", "cpe:/a:tor:tor:0.1.1.2", "cpe:/a:tor:tor:0.0.2_pre27", "cpe:/a:tor:tor:0.1.1", "cpe:/a:tor:tor:0.1.1.22", "cpe:/a:tor:tor:0.2.1.10", "cpe:/a:tor:tor:0.2.1.1", "cpe:/a:tor:tor:0.0.2_pre18", "cpe:/a:tor:tor:0.2.0.20", "cpe:/a:tor:tor:0.2.0.7", "cpe:/a:tor:tor:0.1.2.4", "cpe:/a:tor:tor:0.2.1.11", "cpe:/a:tor:tor:0.1.2.11", "cpe:/a:tor:tor:0.1.2.1", "cpe:/a:tor:tor:0.2.1.9", "cpe:/a:tor:tor:0.0.7", "cpe:/a:tor:tor:0.1.2.9", "cpe:/a:tor:tor:0.0.2_pre22", "cpe:/a:tor:tor:0.0.9.3", "cpe:/a:tor:tor:0.2.0.14", "cpe:/a:tor:tor:0.2.2.18", "cpe:/a:tor:tor:0.2.2.3", "cpe:/a:tor:tor:0.2.1.21", "cpe:/a:tor:tor:0.2.0.31", "cpe:/a:tor:tor:0.0.2_pre25", "cpe:/a:tor:tor:0.2.1.18", "cpe:/a:tor:tor:0.0.2_pre17", "cpe:/a:tor:tor:0.1.0.12", "cpe:/a:tor:tor:0.2.1.22", "cpe:/a:tor:tor:0.1.2.31", "cpe:/a:tor:tor:0.0.4", "cpe:/a:tor:tor:0.1.0.11", "cpe:/a:tor:tor:0.2.0.10", "cpe:/a:tor:tor:0.1.1.4", "cpe:/a:tor:tor:0.2.2.4", "cpe:/a:tor:tor:0.2.0.29", "cpe:/a:tor:tor:0.2.1.3", "cpe:/a:tor:tor:0.1.2.8", "cpe:/a:tor:tor:0.1.2.5", "cpe:/a:tor:tor:0.2.2.6", "cpe:/a:tor:tor:0.0.6", "cpe:/a:tor:tor:0.2.0.23", "cpe:/a:tor:tor:0.2.1.19", "cpe:/a:tor:tor:0.1.2.19", "cpe:/a:tor:tor:0.2.0.11", "cpe:/a:tor:tor:0.2.0.5", "cpe:/a:tor:tor:0.2.0.26", "cpe:/a:tor:tor:0.1.0.6", "cpe:/a:tor:tor:0.2.1.24", "cpe:/a:tor:tor:0.2.0.17", "cpe:/a:tor:tor:0.0.2_pre24", "cpe:/a:tor:tor:0.1.2.13", "cpe:/a:tor:tor:0.1.1.18", "cpe:/a:tor:tor:0.1.0.1", "cpe:/a:tor:tor:0.2.0.28", "cpe:/a:tor:tor:0.2.0.15", "cpe:/a:tor:tor:0.1.1.17", "cpe:/a:tor:tor:0.2.1.28", "cpe:/a:tor:tor:0.2.0.25", "cpe:/a:tor:tor:0.0.7.2", "cpe:/a:tor:tor:0.0.5", "cpe:/a:tor:tor:0.1.2.12", "cpe:/a:tor:tor:0.1.2.2"], "id": "CVE-2011-0490", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0490", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:tor:tor:0.0.2_pre26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.13:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.13:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre27:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.19:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.17:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.28:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.31:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.22:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.30:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.18:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.25:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre24:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.29:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.19:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.23:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.34:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.27:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.31:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.14:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.20:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.28:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.21:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.24:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.24:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.18:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.14:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.8:beta:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.27:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.20:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.15:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.17:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.26:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.15:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.16:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.1:alpha-cvs:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.30:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.32:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.16:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.18:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:04", "description": "Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon exit) via blobs that trigger a certain file size, as demonstrated by the cached-descriptors.new file.", "edition": 5, "cvss3": {}, "published": "2011-01-19T12:00:00", "title": "CVE-2011-0492", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0492"], "modified": "2017-08-17T01:33:00", "cpe": ["cpe:/a:tor:tor:0.2.0.9", "cpe:/a:tor:tor:0.1.0.3", "cpe:/a:tor:tor:0.2.2.1", "cpe:/a:tor:tor:0.1.2.30", "cpe:/a:tor:tor:0.2.0.6", "cpe:/a:tor:tor:0.2.1.23", "cpe:/a:tor:tor:0.1.1.14", "cpe:/a:tor:tor:0.1.0.9", "cpe:/a:tor:tor:0.0.9.6", "cpe:/a:tor:tor:0.1.0.10", "cpe:/a:tor:tor:0.0.2_pre20", "cpe:/a:tor:tor:0.1.2.17", "cpe:/a:tor:tor:0.2.0.1", "cpe:/a:tor:tor:0.0.2_pre19", "cpe:/a:tor:tor:0.2.1.13", "cpe:/a:tor:tor:0.0.9.8", "cpe:/a:tor:tor:0.2.0.22", "cpe:/a:tor:tor:0.1.0.14", "cpe:/a:tor:tor:0.2.0.35", "cpe:/a:tor:tor:0.2.0.19", "cpe:/a:tor:tor:0.2.2.7", "cpe:/a:tor:tor:0.2.1.2", "cpe:/a:tor:tor:0.2.2.9", "cpe:/a:tor:tor:0.2.1.8", "cpe:/a:tor:tor:0.1.0.15", "cpe:/a:tor:tor:0.1.1.6", "cpe:/a:tor:tor:0.0.2_pre26", "cpe:/a:tor:tor:0.0.9.2", "cpe:/a:tor:tor:0.0.9", "cpe:/a:tor:tor:0.2.2.13", "cpe:/a:tor:tor:0.2.1.4", "cpe:/a:tor:tor:0.2.0.27", "cpe:/a:tor:tor:0.0.7.1", "cpe:/a:tor:tor:0.1.0.2", "cpe:/a:tor:tor:0.2.2.2", "cpe:/a:tor:tor:0.0.9.1", "cpe:/a:tor:tor:0.2.2.11", "cpe:/a:tor:tor:0.0.9.7", "cpe:/a:tor:tor:0.2.1.12", "cpe:/a:tor:tor:0.2.1.25", "cpe:/a:tor:tor:0.1.1.9", "cpe:/a:tor:tor:0.2.1.14", "cpe:/a:tor:tor:0.2.0.16", "cpe:/a:tor:tor:0.2.2.17", "cpe:/a:tor:tor:0.2.0.8", "cpe:/a:tor:tor:0.0.2_pre21", "cpe:/a:tor:tor:0.1.1.1", "cpe:/a:tor:tor:0.2.2.10", "cpe:/a:tor:tor:0.1.1.25", "cpe:/a:tor:tor:0.2.2.8", "cpe:/a:tor:tor:0.1.2.7", "cpe:/a:tor:tor:0.1.1.26", "cpe:/a:tor:tor:0.0.2_pre14", "cpe:/a:tor:tor:0.0.3", "cpe:/a:tor:tor:0.0.2_pre15", "cpe:/a:tor:tor:0.0.9.4", "cpe:/a:tor:tor:0.1.2.6", "cpe:/a:tor:tor:0.2.1.7", "cpe:/a:tor:tor:0.0.8.1", "cpe:/a:tor:tor:0.0.6.1", "cpe:/a:tor:tor:0.1.2.15", "cpe:/a:tor:tor:0.1.1.13", "cpe:/a:tor:tor:0.1.1.3", "cpe:/a:tor:tor:0.2.0.34", "cpe:/a:tor:tor:0.1.1.19", "cpe:/a:tor:tor:0.2.0.13", "cpe:/a:tor:tor:0.0.9.5", "cpe:/a:tor:tor:0.2.2.14", "cpe:/a:tor:tor:0.2.0.21", "cpe:/a:tor:tor:0.2.0.12", "cpe:/a:tor:tor:0.1.1.16", "cpe:/a:tor:tor:0.1.2.3", "cpe:/a:tor:tor:0.2.2.20", "cpe:/a:tor:tor:0.0.2", "cpe:/a:tor:tor:0.0.9.10", "cpe:/a:tor:tor:0.2.1.5", "cpe:/a:tor:tor:0.2.0.3", "cpe:/a:tor:tor:0.1.1.12", "cpe:/a:tor:tor:0.2.1.20", "cpe:/a:tor:tor:0.0.9.9", "cpe:/a:tor:tor:0.1.0.7", "cpe:/a:tor:tor:0.1.1.20", "cpe:/a:tor:tor:0.0.2_pre16", "cpe:/a:tor:tor:0.2.0.33", "cpe:/a:tor:tor:0.2.2.19", "cpe:/a:tor:tor:0.2.1.15", "cpe:/a:tor:tor:0.1.1.8", "cpe:/a:tor:tor:0.1.1.5", "cpe:/a:tor:tor:0.2.0.24", "cpe:/a:tor:tor:0.1.0.5", "cpe:/a:tor:tor:0.1.0.8", "cpe:/a:tor:tor:0.2.1.16", "cpe:/a:tor:tor:0.1.0.16", "cpe:/a:tor:tor:0.1.1.23", "cpe:/a:tor:tor:0.2.0.18", "cpe:/a:tor:tor:0.1.0.13", "cpe:/a:tor:tor:0.1.1.7", "cpe:/a:tor:tor:0.2.2.16", "cpe:/a:tor:tor:0.2.1.17", "cpe:/a:tor:tor:0.0.2_pre13", "cpe:/a:tor:tor:0.2.0.4", "cpe:/a:tor:tor:0.2.1.6", "cpe:/a:tor:tor:0.0.8", "cpe:/a:tor:tor:0.1.0.4", "cpe:/a:tor:tor:0.2.0.32", "cpe:/a:tor:tor:0.0.2_pre23", "cpe:/a:tor:tor:0.1.2.14", "cpe:/a:tor:tor:0.1.2.18", "cpe:/a:tor:tor:0.0.6.2", "cpe:/a:tor:tor:0.2.2.15", "cpe:/a:tor:tor:0.2.0.30", "cpe:/a:tor:tor:0.0.7.3", "cpe:/a:tor:tor:0.2.1.27", "cpe:/a:tor:tor:0.1.1.15", "cpe:/a:tor:tor:0.2.2.12", "cpe:/a:tor:tor:0.1.1.11", "cpe:/a:tor:tor:0.1.0.17", "cpe:/a:tor:tor:0.1.1.21", "cpe:/a:tor:tor:0.2.0.2", "cpe:/a:tor:tor:0.1.2.10", "cpe:/a:tor:tor:0.2.2.5", "cpe:/a:tor:tor:0.1.1.10", "cpe:/a:tor:tor:0.1.2.16", "cpe:/a:tor:tor:0.2.1.26", "cpe:/a:tor:tor:0.1.1.2", "cpe:/a:tor:tor:0.0.2_pre27", "cpe:/a:tor:tor:0.1.1", "cpe:/a:tor:tor:0.1.1.22", "cpe:/a:tor:tor:0.2.1.10", "cpe:/a:tor:tor:0.2.1.1", "cpe:/a:tor:tor:0.0.2_pre18", "cpe:/a:tor:tor:0.2.0.20", "cpe:/a:tor:tor:0.2.0.7", "cpe:/a:tor:tor:0.1.2.4", "cpe:/a:tor:tor:0.2.1.11", "cpe:/a:tor:tor:0.1.2.11", "cpe:/a:tor:tor:0.1.2.1", "cpe:/a:tor:tor:0.2.1.9", "cpe:/a:tor:tor:0.0.7", "cpe:/a:tor:tor:0.1.2.9", "cpe:/a:tor:tor:0.0.2_pre22", "cpe:/a:tor:tor:0.0.9.3", "cpe:/a:tor:tor:0.2.0.14", "cpe:/a:tor:tor:0.2.2.18", "cpe:/a:tor:tor:0.2.2.3", "cpe:/a:tor:tor:0.2.1.21", "cpe:/a:tor:tor:0.2.0.31", "cpe:/a:tor:tor:0.0.2_pre25", "cpe:/a:tor:tor:0.2.1.18", "cpe:/a:tor:tor:0.0.2_pre17", "cpe:/a:tor:tor:0.1.0.12", "cpe:/a:tor:tor:0.2.1.22", "cpe:/a:tor:tor:0.1.2.31", "cpe:/a:tor:tor:0.0.4", "cpe:/a:tor:tor:0.1.0.11", "cpe:/a:tor:tor:0.2.0.10", "cpe:/a:tor:tor:0.1.1.4", "cpe:/a:tor:tor:0.2.2.4", "cpe:/a:tor:tor:0.2.0.29", "cpe:/a:tor:tor:0.2.1.3", "cpe:/a:tor:tor:0.1.2.8", "cpe:/a:tor:tor:0.1.2.5", "cpe:/a:tor:tor:0.2.2.6", "cpe:/a:tor:tor:0.0.6", "cpe:/a:tor:tor:0.2.0.23", "cpe:/a:tor:tor:0.2.1.19", "cpe:/a:tor:tor:0.1.2.19", "cpe:/a:tor:tor:0.2.0.11", "cpe:/a:tor:tor:0.2.0.5", "cpe:/a:tor:tor:0.2.0.26", "cpe:/a:tor:tor:0.1.0.6", "cpe:/a:tor:tor:0.2.1.24", "cpe:/a:tor:tor:0.2.0.17", "cpe:/a:tor:tor:0.0.2_pre24", "cpe:/a:tor:tor:0.1.2.13", "cpe:/a:tor:tor:0.1.1.18", "cpe:/a:tor:tor:0.1.0.1", "cpe:/a:tor:tor:0.2.0.28", "cpe:/a:tor:tor:0.2.0.15", "cpe:/a:tor:tor:0.1.1.17", "cpe:/a:tor:tor:0.2.1.28", "cpe:/a:tor:tor:0.2.0.25", "cpe:/a:tor:tor:0.0.7.2", "cpe:/a:tor:tor:0.0.5", "cpe:/a:tor:tor:0.1.2.12", "cpe:/a:tor:tor:0.1.2.2"], "id": "CVE-2011-0492", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0492", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:tor:tor:0.0.2_pre26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.13:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.13:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre27:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.19:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.17:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.28:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.31:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.22:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.30:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.18:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.25:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre24:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.29:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.19:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.23:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.34:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.27:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.31:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.14:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.20:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.28:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.21:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.24:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.24:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.18:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.14:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.8:beta:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.27:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.20:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.15:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.17:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.26:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.15:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.16:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.1:alpha-cvs:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.30:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.32:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.16:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.18:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:03", "description": "Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.", "edition": 5, "cvss3": {}, "published": "2011-01-19T12:00:00", "title": "CVE-2011-0427", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0427"], "modified": "2017-08-17T01:33:00", "cpe": ["cpe:/a:tor:tor:0.2.0.9", "cpe:/a:tor:tor:0.1.0.3", "cpe:/a:tor:tor:0.2.2.1", "cpe:/a:tor:tor:0.1.2.30", "cpe:/a:tor:tor:0.2.0.6", "cpe:/a:tor:tor:0.2.1.23", "cpe:/a:tor:tor:0.1.1.14", "cpe:/a:tor:tor:0.1.0.9", "cpe:/a:tor:tor:0.0.9.6", "cpe:/a:tor:tor:0.1.0.10", "cpe:/a:tor:tor:0.0.2_pre20", "cpe:/a:tor:tor:0.1.2.17", "cpe:/a:tor:tor:0.2.0.1", "cpe:/a:tor:tor:0.0.2_pre19", "cpe:/a:tor:tor:0.2.1.13", "cpe:/a:tor:tor:0.0.9.8", "cpe:/a:tor:tor:0.2.0.22", "cpe:/a:tor:tor:0.1.0.14", "cpe:/a:tor:tor:0.2.0.35", "cpe:/a:tor:tor:0.2.0.19", "cpe:/a:tor:tor:0.2.2.7", "cpe:/a:tor:tor:0.2.1.2", "cpe:/a:tor:tor:0.2.2.9", "cpe:/a:tor:tor:0.2.1.8", "cpe:/a:tor:tor:0.1.0.15", "cpe:/a:tor:tor:0.1.1.6", "cpe:/a:tor:tor:0.0.2_pre26", "cpe:/a:tor:tor:0.0.9.2", "cpe:/a:tor:tor:0.0.9", "cpe:/a:tor:tor:0.2.2.13", "cpe:/a:tor:tor:0.2.1.4", "cpe:/a:tor:tor:0.2.0.27", "cpe:/a:tor:tor:0.0.7.1", "cpe:/a:tor:tor:0.1.0.2", "cpe:/a:tor:tor:0.2.2.2", "cpe:/a:tor:tor:0.0.9.1", "cpe:/a:tor:tor:0.2.2.11", "cpe:/a:tor:tor:0.0.9.7", "cpe:/a:tor:tor:0.2.1.12", "cpe:/a:tor:tor:0.2.1.25", "cpe:/a:tor:tor:0.1.1.9", "cpe:/a:tor:tor:0.2.1.14", "cpe:/a:tor:tor:0.2.0.16", "cpe:/a:tor:tor:0.2.2.17", "cpe:/a:tor:tor:0.2.0.8", "cpe:/a:tor:tor:0.0.2_pre21", "cpe:/a:tor:tor:0.1.1.1", "cpe:/a:tor:tor:0.2.2.10", "cpe:/a:tor:tor:0.1.1.25", "cpe:/a:tor:tor:0.2.2.8", "cpe:/a:tor:tor:0.1.2.7", "cpe:/a:tor:tor:0.1.1.26", "cpe:/a:tor:tor:0.0.2_pre14", "cpe:/a:tor:tor:0.0.3", "cpe:/a:tor:tor:0.0.2_pre15", "cpe:/a:tor:tor:0.0.9.4", "cpe:/a:tor:tor:0.1.2.6", "cpe:/a:tor:tor:0.2.1.7", "cpe:/a:tor:tor:0.0.8.1", "cpe:/a:tor:tor:0.0.6.1", "cpe:/a:tor:tor:0.1.2.15", "cpe:/a:tor:tor:0.1.1.13", "cpe:/a:tor:tor:0.1.1.3", "cpe:/a:tor:tor:0.2.0.34", "cpe:/a:tor:tor:0.1.1.19", "cpe:/a:tor:tor:0.2.0.13", "cpe:/a:tor:tor:0.0.9.5", "cpe:/a:tor:tor:0.2.2.14", "cpe:/a:tor:tor:0.2.0.21", "cpe:/a:tor:tor:0.2.0.12", "cpe:/a:tor:tor:0.1.1.16", "cpe:/a:tor:tor:0.1.2.3", "cpe:/a:tor:tor:0.2.2.20", "cpe:/a:tor:tor:0.0.2", "cpe:/a:tor:tor:0.0.9.10", "cpe:/a:tor:tor:0.2.1.5", "cpe:/a:tor:tor:0.2.0.3", "cpe:/a:tor:tor:0.1.1.12", "cpe:/a:tor:tor:0.2.1.20", "cpe:/a:tor:tor:0.0.9.9", "cpe:/a:tor:tor:0.1.0.7", "cpe:/a:tor:tor:0.1.1.20", "cpe:/a:tor:tor:0.0.2_pre16", "cpe:/a:tor:tor:0.2.0.33", "cpe:/a:tor:tor:0.2.2.19", "cpe:/a:tor:tor:0.2.1.15", "cpe:/a:tor:tor:0.1.1.8", "cpe:/a:tor:tor:0.1.1.5", "cpe:/a:tor:tor:0.2.0.24", "cpe:/a:tor:tor:0.1.0.5", "cpe:/a:tor:tor:0.1.0.8", "cpe:/a:tor:tor:0.2.1.16", "cpe:/a:tor:tor:0.1.0.16", "cpe:/a:tor:tor:0.1.1.23", "cpe:/a:tor:tor:0.2.0.18", "cpe:/a:tor:tor:0.1.0.13", "cpe:/a:tor:tor:0.1.1.7", "cpe:/a:tor:tor:0.2.2.16", "cpe:/a:tor:tor:0.2.1.17", "cpe:/a:tor:tor:0.0.2_pre13", "cpe:/a:tor:tor:0.2.0.4", "cpe:/a:tor:tor:0.2.1.6", "cpe:/a:tor:tor:0.0.8", "cpe:/a:tor:tor:0.1.0.4", "cpe:/a:tor:tor:0.2.0.32", "cpe:/a:tor:tor:0.0.2_pre23", "cpe:/a:tor:tor:0.1.2.14", "cpe:/a:tor:tor:0.1.2.18", "cpe:/a:tor:tor:0.0.6.2", "cpe:/a:tor:tor:0.2.2.15", "cpe:/a:tor:tor:0.2.0.30", "cpe:/a:tor:tor:0.0.7.3", "cpe:/a:tor:tor:0.2.1.27", "cpe:/a:tor:tor:0.1.1.15", "cpe:/a:tor:tor:0.2.2.12", "cpe:/a:tor:tor:0.1.1.11", "cpe:/a:tor:tor:0.1.0.17", "cpe:/a:tor:tor:0.1.1.21", "cpe:/a:tor:tor:0.2.0.2", "cpe:/a:tor:tor:0.1.2.10", "cpe:/a:tor:tor:0.2.2.5", "cpe:/a:tor:tor:0.1.1.10", "cpe:/a:tor:tor:0.1.2.16", "cpe:/a:tor:tor:0.2.1.26", "cpe:/a:tor:tor:0.1.1.2", "cpe:/a:tor:tor:0.0.2_pre27", "cpe:/a:tor:tor:0.1.1", "cpe:/a:tor:tor:0.1.1.22", "cpe:/a:tor:tor:0.2.1.10", "cpe:/a:tor:tor:0.2.1.1", "cpe:/a:tor:tor:0.0.2_pre18", "cpe:/a:tor:tor:0.2.0.20", "cpe:/a:tor:tor:0.2.0.7", "cpe:/a:tor:tor:0.1.2.4", "cpe:/a:tor:tor:0.2.1.11", "cpe:/a:tor:tor:0.1.2.11", "cpe:/a:tor:tor:0.1.2.1", "cpe:/a:tor:tor:0.2.1.9", "cpe:/a:tor:tor:0.0.7", "cpe:/a:tor:tor:0.1.2.9", "cpe:/a:tor:tor:0.0.2_pre22", "cpe:/a:tor:tor:0.0.9.3", "cpe:/a:tor:tor:0.2.0.14", "cpe:/a:tor:tor:0.2.2.18", "cpe:/a:tor:tor:0.2.2.3", "cpe:/a:tor:tor:0.2.1.21", "cpe:/a:tor:tor:0.2.0.31", "cpe:/a:tor:tor:0.0.2_pre25", "cpe:/a:tor:tor:0.2.1.18", "cpe:/a:tor:tor:0.0.2_pre17", "cpe:/a:tor:tor:0.1.0.12", "cpe:/a:tor:tor:0.2.1.22", "cpe:/a:tor:tor:0.1.2.31", "cpe:/a:tor:tor:0.0.4", "cpe:/a:tor:tor:0.1.0.11", "cpe:/a:tor:tor:0.2.0.10", "cpe:/a:tor:tor:0.1.1.4", "cpe:/a:tor:tor:0.2.2.4", "cpe:/a:tor:tor:0.2.0.29", "cpe:/a:tor:tor:0.2.1.3", "cpe:/a:tor:tor:0.1.2.8", "cpe:/a:tor:tor:0.1.2.5", "cpe:/a:tor:tor:0.2.2.6", "cpe:/a:tor:tor:0.0.6", "cpe:/a:tor:tor:0.2.0.23", "cpe:/a:tor:tor:0.2.1.19", "cpe:/a:tor:tor:0.1.2.19", "cpe:/a:tor:tor:0.2.0.11", "cpe:/a:tor:tor:0.2.0.5", "cpe:/a:tor:tor:0.2.0.26", "cpe:/a:tor:tor:0.1.0.6", "cpe:/a:tor:tor:0.2.1.24", "cpe:/a:tor:tor:0.2.0.17", "cpe:/a:tor:tor:0.0.2_pre24", "cpe:/a:tor:tor:0.1.2.13", "cpe:/a:tor:tor:0.1.1.18", "cpe:/a:tor:tor:0.1.0.1", "cpe:/a:tor:tor:0.2.0.28", "cpe:/a:tor:tor:0.2.0.15", "cpe:/a:tor:tor:0.1.1.17", "cpe:/a:tor:tor:0.2.1.28", "cpe:/a:tor:tor:0.2.0.25", "cpe:/a:tor:tor:0.0.7.2", "cpe:/a:tor:tor:0.0.5", "cpe:/a:tor:tor:0.1.2.12", "cpe:/a:tor:tor:0.1.2.2"], "id": "CVE-2011-0427", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0427", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:tor:tor:0.0.2_pre26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.13:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.13:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre27:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.19:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.17:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.28:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.31:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.22:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.30:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.18:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.25:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre24:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.29:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.19:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.23:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.34:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.27:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.31:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.14:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.20:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.28:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.21:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.24:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.24:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.18:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.14:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.8:beta:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.27:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.20:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.15:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.17:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.26:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.15:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.16:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.1:alpha-cvs:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.30:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.32:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.16:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.18:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:02", "description": "Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process.", "edition": 5, "cvss3": {}, "published": "2011-01-19T12:00:00", "title": "CVE-2011-0016", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0016"], "modified": "2011-01-22T05:00:00", "cpe": ["cpe:/a:tor:tor:0.2.0.9", "cpe:/a:tor:tor:0.1.0.3", "cpe:/a:tor:tor:0.2.2.1", "cpe:/a:tor:tor:0.1.2.30", "cpe:/a:tor:tor:0.2.0.6", "cpe:/a:tor:tor:0.2.1.23", "cpe:/a:tor:tor:0.1.1.14", "cpe:/a:tor:tor:0.1.0.9", "cpe:/a:tor:tor:0.0.9.6", "cpe:/a:tor:tor:0.1.0.10", "cpe:/a:tor:tor:0.0.2_pre20", "cpe:/a:tor:tor:0.1.2.17", "cpe:/a:tor:tor:0.2.0.1", "cpe:/a:tor:tor:0.0.2_pre19", "cpe:/a:tor:tor:0.2.1.13", "cpe:/a:tor:tor:0.0.9.8", "cpe:/a:tor:tor:0.2.0.22", "cpe:/a:tor:tor:0.1.0.14", "cpe:/a:tor:tor:0.2.0.35", "cpe:/a:tor:tor:0.2.0.19", "cpe:/a:tor:tor:0.2.2.7", "cpe:/a:tor:tor:0.2.1.2", "cpe:/a:tor:tor:0.2.2.9", "cpe:/a:tor:tor:0.2.1.8", "cpe:/a:tor:tor:0.1.0.15", "cpe:/a:tor:tor:0.1.1.6", "cpe:/a:tor:tor:0.0.2_pre26", "cpe:/a:tor:tor:0.0.9.2", "cpe:/a:tor:tor:0.0.9", "cpe:/a:tor:tor:0.2.2.13", "cpe:/a:tor:tor:0.2.1.4", "cpe:/a:tor:tor:0.2.0.27", "cpe:/a:tor:tor:0.0.7.1", "cpe:/a:tor:tor:0.1.0.2", "cpe:/a:tor:tor:0.2.2.2", "cpe:/a:tor:tor:0.0.9.1", "cpe:/a:tor:tor:0.2.2.11", "cpe:/a:tor:tor:0.0.9.7", "cpe:/a:tor:tor:0.2.1.12", "cpe:/a:tor:tor:0.2.1.25", "cpe:/a:tor:tor:0.1.1.9", "cpe:/a:tor:tor:0.2.1.14", "cpe:/a:tor:tor:0.2.0.16", "cpe:/a:tor:tor:0.2.2.17", "cpe:/a:tor:tor:0.2.0.8", "cpe:/a:tor:tor:0.0.2_pre21", "cpe:/a:tor:tor:0.1.1.1", "cpe:/a:tor:tor:0.2.2.10", "cpe:/a:tor:tor:0.1.1.25", "cpe:/a:tor:tor:0.2.2.8", "cpe:/a:tor:tor:0.1.2.7", "cpe:/a:tor:tor:0.1.1.26", "cpe:/a:tor:tor:0.0.2_pre14", "cpe:/a:tor:tor:0.0.3", "cpe:/a:tor:tor:0.0.2_pre15", "cpe:/a:tor:tor:0.0.9.4", "cpe:/a:tor:tor:0.1.2.6", "cpe:/a:tor:tor:0.2.1.7", "cpe:/a:tor:tor:0.0.8.1", "cpe:/a:tor:tor:0.0.6.1", "cpe:/a:tor:tor:0.1.2.15", "cpe:/a:tor:tor:0.1.1.13", "cpe:/a:tor:tor:0.1.1.3", "cpe:/a:tor:tor:0.2.0.34", "cpe:/a:tor:tor:0.1.1.19", "cpe:/a:tor:tor:0.2.0.13", "cpe:/a:tor:tor:0.0.9.5", "cpe:/a:tor:tor:0.2.2.14", "cpe:/a:tor:tor:0.2.0.21", "cpe:/a:tor:tor:0.2.0.12", "cpe:/a:tor:tor:0.1.1.16", "cpe:/a:tor:tor:0.1.2.3", "cpe:/a:tor:tor:0.2.2.20", "cpe:/a:tor:tor:0.0.2", "cpe:/a:tor:tor:0.0.9.10", "cpe:/a:tor:tor:0.2.1.5", "cpe:/a:tor:tor:0.2.0.3", "cpe:/a:tor:tor:0.1.1.12", "cpe:/a:tor:tor:0.2.1.20", "cpe:/a:tor:tor:0.0.9.9", "cpe:/a:tor:tor:0.1.0.7", "cpe:/a:tor:tor:0.1.1.20", "cpe:/a:tor:tor:0.0.2_pre16", "cpe:/a:tor:tor:0.2.0.33", "cpe:/a:tor:tor:0.2.2.19", "cpe:/a:tor:tor:0.2.1.15", "cpe:/a:tor:tor:0.1.1.8", "cpe:/a:tor:tor:0.1.1.5", "cpe:/a:tor:tor:0.2.0.24", "cpe:/a:tor:tor:0.1.0.5", "cpe:/a:tor:tor:0.1.0.8", "cpe:/a:tor:tor:0.2.1.16", "cpe:/a:tor:tor:0.1.0.16", "cpe:/a:tor:tor:0.1.1.23", "cpe:/a:tor:tor:0.2.0.18", "cpe:/a:tor:tor:0.1.0.13", "cpe:/a:tor:tor:0.1.1.7", "cpe:/a:tor:tor:0.2.2.16", "cpe:/a:tor:tor:0.2.1.17", "cpe:/a:tor:tor:0.0.2_pre13", "cpe:/a:tor:tor:0.2.0.4", "cpe:/a:tor:tor:0.2.1.6", "cpe:/a:tor:tor:0.0.8", "cpe:/a:tor:tor:0.1.0.4", "cpe:/a:tor:tor:0.2.0.32", "cpe:/a:tor:tor:0.0.2_pre23", "cpe:/a:tor:tor:0.1.2.14", "cpe:/a:tor:tor:0.1.2.18", "cpe:/a:tor:tor:0.0.6.2", "cpe:/a:tor:tor:0.2.2.15", "cpe:/a:tor:tor:0.2.0.30", "cpe:/a:tor:tor:0.0.7.3", "cpe:/a:tor:tor:0.2.1.27", "cpe:/a:tor:tor:0.1.1.15", "cpe:/a:tor:tor:0.2.2.12", "cpe:/a:tor:tor:0.1.1.11", "cpe:/a:tor:tor:0.1.0.17", "cpe:/a:tor:tor:0.1.1.21", "cpe:/a:tor:tor:0.2.0.2", "cpe:/a:tor:tor:0.1.2.10", "cpe:/a:tor:tor:0.2.2.5", "cpe:/a:tor:tor:0.1.1.10", "cpe:/a:tor:tor:0.1.2.16", "cpe:/a:tor:tor:0.2.1.26", "cpe:/a:tor:tor:0.1.1.2", "cpe:/a:tor:tor:0.0.2_pre27", "cpe:/a:tor:tor:0.1.1", "cpe:/a:tor:tor:0.1.1.22", "cpe:/a:tor:tor:0.2.1.10", "cpe:/a:tor:tor:0.2.1.1", "cpe:/a:tor:tor:0.0.2_pre18", "cpe:/a:tor:tor:0.2.0.20", "cpe:/a:tor:tor:0.2.0.7", "cpe:/a:tor:tor:0.1.2.4", "cpe:/a:tor:tor:0.2.1.11", "cpe:/a:tor:tor:0.1.2.11", "cpe:/a:tor:tor:0.1.2.1", "cpe:/a:tor:tor:0.2.1.9", "cpe:/a:tor:tor:0.0.7", "cpe:/a:tor:tor:0.1.2.9", "cpe:/a:tor:tor:0.0.2_pre22", "cpe:/a:tor:tor:0.0.9.3", "cpe:/a:tor:tor:0.2.0.14", "cpe:/a:tor:tor:0.2.2.18", "cpe:/a:tor:tor:0.2.2.3", "cpe:/a:tor:tor:0.2.1.21", "cpe:/a:tor:tor:0.2.0.31", "cpe:/a:tor:tor:0.0.2_pre25", "cpe:/a:tor:tor:0.2.1.18", "cpe:/a:tor:tor:0.0.2_pre17", "cpe:/a:tor:tor:0.1.0.12", "cpe:/a:tor:tor:0.2.1.22", "cpe:/a:tor:tor:0.1.2.31", "cpe:/a:tor:tor:0.0.4", "cpe:/a:tor:tor:0.1.0.11", "cpe:/a:tor:tor:0.2.0.10", "cpe:/a:tor:tor:0.1.1.4", "cpe:/a:tor:tor:0.2.2.4", "cpe:/a:tor:tor:0.2.0.29", "cpe:/a:tor:tor:0.2.1.3", "cpe:/a:tor:tor:0.1.2.8", "cpe:/a:tor:tor:0.1.2.5", "cpe:/a:tor:tor:0.2.2.6", "cpe:/a:tor:tor:0.0.6", "cpe:/a:tor:tor:0.2.0.23", "cpe:/a:tor:tor:0.2.1.19", "cpe:/a:tor:tor:0.1.2.19", "cpe:/a:tor:tor:0.2.0.11", "cpe:/a:tor:tor:0.2.0.5", "cpe:/a:tor:tor:0.2.0.26", "cpe:/a:tor:tor:0.1.0.6", "cpe:/a:tor:tor:0.2.1.24", "cpe:/a:tor:tor:0.2.0.17", "cpe:/a:tor:tor:0.0.2_pre24", "cpe:/a:tor:tor:0.1.2.13", "cpe:/a:tor:tor:0.1.1.18", "cpe:/a:tor:tor:0.1.0.1", "cpe:/a:tor:tor:0.2.0.28", "cpe:/a:tor:tor:0.2.0.15", "cpe:/a:tor:tor:0.1.1.17", "cpe:/a:tor:tor:0.2.1.28", "cpe:/a:tor:tor:0.2.0.25", "cpe:/a:tor:tor:0.0.7.2", "cpe:/a:tor:tor:0.0.5", "cpe:/a:tor:tor:0.1.2.12", "cpe:/a:tor:tor:0.1.2.2"], "id": "CVE-2011-0016", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0016", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:tor:tor:0.0.2_pre26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.13:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.13:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre27:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.19:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.17:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.28:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.31:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.22:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.30:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.18:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.25:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre24:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.29:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.19:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.23:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.34:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.27:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.31:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.14:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.20:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.28:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.21:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.24:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.24:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.18:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.14:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.8:beta:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.27:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.20:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.15:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.17:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.26:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.15:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.16:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.1:alpha-cvs:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.30:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.32:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.16:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.18:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:02", "description": "Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor.", "edition": 5, "cvss3": {}, "published": "2011-01-19T12:00:00", "title": "CVE-2011-0015", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0015"], "modified": "2011-07-19T04:00:00", "cpe": ["cpe:/a:tor:tor:0.2.0.9", "cpe:/a:tor:tor:0.1.0.3", "cpe:/a:tor:tor:0.2.2.1", "cpe:/a:tor:tor:0.1.2.30", "cpe:/a:tor:tor:0.2.0.6", "cpe:/a:tor:tor:0.2.1.23", "cpe:/a:tor:tor:0.1.1.14", "cpe:/a:tor:tor:0.1.0.9", "cpe:/a:tor:tor:0.0.9.6", "cpe:/a:tor:tor:0.1.0.10", "cpe:/a:tor:tor:0.0.2_pre20", "cpe:/a:tor:tor:0.1.2.17", "cpe:/a:tor:tor:0.2.0.1", "cpe:/a:tor:tor:0.0.2_pre19", "cpe:/a:tor:tor:0.2.1.13", "cpe:/a:tor:tor:0.0.9.8", "cpe:/a:tor:tor:0.2.0.22", "cpe:/a:tor:tor:0.1.0.14", "cpe:/a:tor:tor:0.2.0.35", "cpe:/a:tor:tor:0.2.0.19", "cpe:/a:tor:tor:0.2.2.7", "cpe:/a:tor:tor:0.2.1.2", "cpe:/a:tor:tor:0.2.2.9", "cpe:/a:tor:tor:0.2.1.8", "cpe:/a:tor:tor:0.1.0.15", "cpe:/a:tor:tor:0.1.1.6", "cpe:/a:tor:tor:0.0.2_pre26", "cpe:/a:tor:tor:0.0.9.2", "cpe:/a:tor:tor:0.0.9", "cpe:/a:tor:tor:0.2.2.13", "cpe:/a:tor:tor:0.2.1.4", "cpe:/a:tor:tor:0.2.0.27", "cpe:/a:tor:tor:0.0.7.1", "cpe:/a:tor:tor:0.1.0.2", "cpe:/a:tor:tor:0.2.2.2", "cpe:/a:tor:tor:0.0.9.1", "cpe:/a:tor:tor:0.2.2.11", "cpe:/a:tor:tor:0.0.9.7", "cpe:/a:tor:tor:0.2.1.12", "cpe:/a:tor:tor:0.2.1.25", "cpe:/a:tor:tor:0.1.1.9", "cpe:/a:tor:tor:0.2.1.14", "cpe:/a:tor:tor:0.2.0.16", "cpe:/a:tor:tor:0.2.2.17", "cpe:/a:tor:tor:0.2.0.8", "cpe:/a:tor:tor:0.0.2_pre21", "cpe:/a:tor:tor:0.1.1.1", "cpe:/a:tor:tor:0.2.2.10", "cpe:/a:tor:tor:0.1.1.25", "cpe:/a:tor:tor:0.2.2.8", "cpe:/a:tor:tor:0.1.2.7", "cpe:/a:tor:tor:0.1.1.26", "cpe:/a:tor:tor:0.0.2_pre14", "cpe:/a:tor:tor:0.0.3", "cpe:/a:tor:tor:0.0.2_pre15", "cpe:/a:tor:tor:0.0.9.4", "cpe:/a:tor:tor:0.1.2.6", "cpe:/a:tor:tor:0.2.1.7", "cpe:/a:tor:tor:0.0.8.1", "cpe:/a:tor:tor:0.0.6.1", "cpe:/a:tor:tor:0.1.2.15", "cpe:/a:tor:tor:0.1.1.13", "cpe:/a:tor:tor:0.1.1.3", "cpe:/a:tor:tor:0.2.0.34", "cpe:/a:tor:tor:0.1.1.19", "cpe:/a:tor:tor:0.2.0.13", "cpe:/a:tor:tor:0.0.9.5", "cpe:/a:tor:tor:0.2.2.14", "cpe:/a:tor:tor:0.2.0.21", "cpe:/a:tor:tor:0.2.0.12", "cpe:/a:tor:tor:0.1.1.16", "cpe:/a:tor:tor:0.1.2.3", "cpe:/a:tor:tor:0.2.2.20", "cpe:/a:tor:tor:0.0.2", "cpe:/a:tor:tor:0.0.9.10", "cpe:/a:tor:tor:0.2.1.5", "cpe:/a:tor:tor:0.2.0.3", "cpe:/a:tor:tor:0.1.1.12", "cpe:/a:tor:tor:0.2.1.20", "cpe:/a:tor:tor:0.0.9.9", "cpe:/a:tor:tor:0.1.0.7", "cpe:/a:tor:tor:0.1.1.20", "cpe:/a:tor:tor:0.0.2_pre16", "cpe:/a:tor:tor:0.2.0.33", "cpe:/a:tor:tor:0.2.2.19", "cpe:/a:tor:tor:0.2.1.15", "cpe:/a:tor:tor:0.1.1.8", "cpe:/a:tor:tor:0.1.1.5", "cpe:/a:tor:tor:0.2.0.24", "cpe:/a:tor:tor:0.1.0.5", "cpe:/a:tor:tor:0.1.0.8", "cpe:/a:tor:tor:0.2.1.16", "cpe:/a:tor:tor:0.1.0.16", "cpe:/a:tor:tor:0.1.1.23", "cpe:/a:tor:tor:0.2.0.18", "cpe:/a:tor:tor:0.1.0.13", "cpe:/a:tor:tor:0.1.1.7", "cpe:/a:tor:tor:0.2.2.16", "cpe:/a:tor:tor:0.2.1.17", "cpe:/a:tor:tor:0.0.2_pre13", "cpe:/a:tor:tor:0.2.0.4", "cpe:/a:tor:tor:0.2.1.6", "cpe:/a:tor:tor:0.0.8", "cpe:/a:tor:tor:0.1.0.4", "cpe:/a:tor:tor:0.2.0.32", "cpe:/a:tor:tor:0.0.2_pre23", "cpe:/a:tor:tor:0.1.2.14", "cpe:/a:tor:tor:0.1.2.18", "cpe:/a:tor:tor:0.0.6.2", "cpe:/a:tor:tor:0.2.2.15", "cpe:/a:tor:tor:0.2.0.30", "cpe:/a:tor:tor:0.0.7.3", "cpe:/a:tor:tor:0.2.1.27", "cpe:/a:tor:tor:0.1.1.15", "cpe:/a:tor:tor:0.2.2.12", "cpe:/a:tor:tor:0.1.1.11", "cpe:/a:tor:tor:0.1.0.17", "cpe:/a:tor:tor:0.1.1.21", "cpe:/a:tor:tor:0.2.0.2", "cpe:/a:tor:tor:0.1.2.10", "cpe:/a:tor:tor:0.2.2.5", "cpe:/a:tor:tor:0.1.1.10", "cpe:/a:tor:tor:0.1.2.16", "cpe:/a:tor:tor:0.2.1.26", "cpe:/a:tor:tor:0.1.1.2", "cpe:/a:tor:tor:0.0.2_pre27", "cpe:/a:tor:tor:0.1.1", "cpe:/a:tor:tor:0.1.1.22", "cpe:/a:tor:tor:0.2.1.10", "cpe:/a:tor:tor:0.2.1.1", "cpe:/a:tor:tor:0.0.2_pre18", "cpe:/a:tor:tor:0.2.0.20", "cpe:/a:tor:tor:0.2.0.7", "cpe:/a:tor:tor:0.1.2.4", "cpe:/a:tor:tor:0.2.1.11", "cpe:/a:tor:tor:0.1.2.11", "cpe:/a:tor:tor:0.1.2.1", "cpe:/a:tor:tor:0.2.1.9", "cpe:/a:tor:tor:0.0.7", "cpe:/a:tor:tor:0.1.2.9", "cpe:/a:tor:tor:0.0.2_pre22", "cpe:/a:tor:tor:0.0.9.3", "cpe:/a:tor:tor:0.2.0.14", "cpe:/a:tor:tor:0.2.2.18", "cpe:/a:tor:tor:0.2.2.3", "cpe:/a:tor:tor:0.2.1.21", "cpe:/a:tor:tor:0.2.0.31", "cpe:/a:tor:tor:0.0.2_pre25", "cpe:/a:tor:tor:0.2.1.18", "cpe:/a:tor:tor:0.0.2_pre17", "cpe:/a:tor:tor:0.1.0.12", "cpe:/a:tor:tor:0.2.1.22", "cpe:/a:tor:tor:0.1.2.31", "cpe:/a:tor:tor:0.0.4", "cpe:/a:tor:tor:0.1.0.11", "cpe:/a:tor:tor:0.2.0.10", "cpe:/a:tor:tor:0.1.1.4", "cpe:/a:tor:tor:0.2.2.4", "cpe:/a:tor:tor:0.2.0.29", "cpe:/a:tor:tor:0.2.1.3", "cpe:/a:tor:tor:0.1.2.8", "cpe:/a:tor:tor:0.1.2.5", "cpe:/a:tor:tor:0.2.2.6", "cpe:/a:tor:tor:0.0.6", "cpe:/a:tor:tor:0.2.0.23", "cpe:/a:tor:tor:0.2.1.19", "cpe:/a:tor:tor:0.1.2.19", "cpe:/a:tor:tor:0.2.0.11", "cpe:/a:tor:tor:0.2.0.5", "cpe:/a:tor:tor:0.2.0.26", "cpe:/a:tor:tor:0.1.0.6", "cpe:/a:tor:tor:0.2.1.24", "cpe:/a:tor:tor:0.2.0.17", "cpe:/a:tor:tor:0.0.2_pre24", "cpe:/a:tor:tor:0.1.2.13", "cpe:/a:tor:tor:0.1.1.18", "cpe:/a:tor:tor:0.1.0.1", "cpe:/a:tor:tor:0.2.0.28", "cpe:/a:tor:tor:0.2.0.15", "cpe:/a:tor:tor:0.1.1.17", "cpe:/a:tor:tor:0.2.1.28", "cpe:/a:tor:tor:0.2.0.25", "cpe:/a:tor:tor:0.0.7.2", "cpe:/a:tor:tor:0.0.5", "cpe:/a:tor:tor:0.1.2.12", "cpe:/a:tor:tor:0.1.2.2"], "id": "CVE-2011-0015", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0015", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:tor:tor:0.0.2_pre26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.13:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.13:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre27:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.19:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.17:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.28:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.31:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.22:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.30:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.18:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.25:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre24:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.29:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.19:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.23:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.34:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.27:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.31:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.14:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.20:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.28:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.21:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre20:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.24:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.24:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.18:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.14:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.12:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.8:beta:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.27:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.20:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.15:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.17:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.26:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.15:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.16:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.1:alpha-cvs:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.11:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.30:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.9:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.32:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.16:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.5:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.2_pre21:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.2.0.10:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:tor:tor:0.1.1.18:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2020-11-11T13:22:11", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0427"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2148-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 17, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tor\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0427\n\nThe developers of Tor, an anonymizing overlay network for TCP, found \nthree security issues during a security audit. A heap overflow allowed\nthe execution of arbitrary code (CVE-2011-0427), a denial of service\nvulnerability was found in the zlib compression handling and some key\nmemory was incorrectly zeroed out before being freed. The latter two \nissues do not yet have CVE identifiers assigned. The Debian Security\nTracker will be updated once they're available:\nhttp://security-tracker.debian.org/tracker/source-package/tor\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.2.1.29-1~lenny+1.\n\nFor the testing distribution (squeeze) and the unstable distribution (sid),\nthis problem has been fixed in version 0.2.1.29-1.\n\nFor the experimental distribution, this problem has been fixed in\nversion 0.2.2.21-alpha-1.\n\nWe recommend that you upgrade your tor packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2011-01-17T18:43:09", "published": "2011-01-17T18:43:09", "id": "DEBIAN:DSA-2148-1:EB706", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00012.html", "title": "[SECURITY] [DSA 2148-1] Security update for tor", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:02", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0427"], "description": "\nThe Tor Project reports:\n\nA remote heap overflow vulnerability that can allow remote\n\t code execution. Other fixes address a variety of assert and crash\n\t bugs, most of which we think are hard to exploit remotely.\n\t All Tor users should upgrade.\n\n", "edition": 4, "modified": "2011-01-15T00:00:00", "published": "2011-01-15T00:00:00", "id": "38BDF10E-2293-11E0-BFA4-001676740879", "href": "https://vuxml.freebsd.org/freebsd/38bdf10e-2293-11e0-bfa4-001676740879.html", "title": "tor -- remote code execution and crash", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}