CVE-2026-44600

Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010...

CVE-2026-44599

Tor before 0.4.9.7 can attempt or accept BEGINDIR via conflux legs, aka TROVE-2026-008...

Tor 安全漏洞

Tor is a virtual tunnel network created by the Tor Project organization. It allows individuals and groups to enhance their privacy and security on the Internet. Versions of Tor prior to 0.4.9.7 contained a security vulnerability, which was caused by a one-byte out-of-bounds read due to a malforme...

Tor 安全漏洞

Tor is a virtual tunnel network created by the Tor Project organization. It allows individuals and groups to enhance their privacy and security on the Internet. Versions of Tor prior to 0.4.9.7 contained a security vulnerability, which stemmed from improper handling of the conflux during queue...

TOR Virtual Network Tunneling Tool 0.4.8.22

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...

The US Could Finally Ban Inane Forced Password Changes

Plus: The US Justice Department indicts three Iranians over Trump campaign hack, EU regulators fine Meta $100 million for a password security lapse, and the Tor Project enters a new phase...

Arti -- Security issues related to circuit construction

Tor Project reports: When building anonymizing circuits to or from an onion service with 'lite' vanguards the default enabled, the circuit manager code would build the circuits with one hop too few. When 'full' vanguards are enabled, some circuits are supposed to be built with an extra hop to...

Mullvad VPN and Tor Project Release Mullvad Browser

By Waqas Mullvad VPN and the Tor Project Join Forces to Launch Mullvad Browser, a Privacy-Focused Web Browser. This is a post from HackRead.com Read the original post: Mullvad VPN and Tor Project Release Mullvad Browser...

Mullvad VPN and Tor Project Create New Privacy-Focused Mullvad Browser

Mullvad Browser, a collaboration between the nonprofit and Mullvad VPN, offers an anti-tracking browser designed to be used with a VPN...

SUSE CVE-2015-2688

bufpullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service assertion failure and daemon exit via crafted packets...

SUSE CVE-2016-8860

Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buft data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service client,...

FreeBSD : security/tor -- SOCKS4(a) inversion bug (847f16e5-9406-11ed-a925-3065ec8fd3ec)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 847f16e5-9406-11ed-a925-3065ec8fd3ec advisory. - The Tor Project reports: TROVE-2022-002: The SafeSocks option for SOCKS4a is inverted leading to SOCK...

security/tor -- SOCKS4(a) inversion bug

The Tor Project reports: TROVE-2022-002: The SafeSocks option for SOCKS4a is inverted leading to SOCKS4 going through This is a report from hackerone: We have classified this as medium considering that tor was not defending in-depth for dangerous SOCKS request and so any user relying on SafeSocks...

A multidimensional approach to journalism security

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Runa Sandvik, Former...

Nipe - An Engine To Make Tor Network Your Default Gateway

The Tor project allows users to surf the Internet, chat and send instant messages anonymously through its own mechanism. It is used by a wide variety of people, companies and organizations, both for lawful activities and for other illicit purposes. Tor has been largely used by intelligence...

Was threat actor KAX17 de-anonymizing the Tor network?

A mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network. Tracked as KAX17, the threat actor ran at its peak more than 900 malicious servers part of the Tor network, which typically tends to hover around a daily total of up to...

A week in security (Oct 25 – Oct 31)

Last week on Malwarebytes Labs Beyond the VPN: Ultimate online privacy with the Tor Project’s Isabela Bagueros: Lock and Code S02E20 Patch now to bypass Firefox add-ons that abuse the proxy API to deny updates How social media mistakes can impact cybersecurity Update now! Apple patches bugs in iO...

Beyond the VPN: Ultimate online privacy, with The Tor Project’s Isabela Bagueros: Lock and Code S02E20

"What does online privacy mean to you?" This beguilingly simply question can produce dozens of overlapping and distinct answers, all depending on who you ask. A VPN service might tell you that online privacy means obscuring your IP address and hiding your Internet activity from your Internet...

Tor Project Inc Tor 资源管理错误漏洞

Tor Project Inc Tor is an open source application from Tor Project Inc. It provides a browser with hidden functionality. A security vulnerability exists in Tor, which can be exploited by an attacker to trigger a denial of service via a reload of Tor's old cache descriptor file...

UBUNTU-CVE-2020-10593

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service memory leak, aka TROVE-2020-004. This occurs in circpadsetupmachineoncirc because a circuit-padding machine can be negotiated twice on the same circuit...