Lucene search

K

35 matches found

CVE
CVE
added 2018/06/11 9:29 p.m.546 views

CVE-2016-9079

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.

7.5CVSS7.2AI score0.84964EPSS
CVE
CVE
added 2021/03/19 5:15 a.m.193 views

CVE-2021-28090

Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.

5.3CVSS5.9AI score0.02687EPSS
CVE
CVE
added 2020/03/23 1:15 p.m.173 views

CVE-2020-10592

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.

7.8CVSS7.2AI score0.02EPSS
CVE
CVE
added 2021/03/19 5:15 a.m.172 views

CVE-2021-28089

Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.

7.5CVSS7.2AI score0.01689EPSS
CVE
CVE
added 2021/06/29 11:15 a.m.172 views

CVE-2021-34548

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.

7.5CVSS7.2AI score0.00159EPSS
CVE
CVE
added 2021/06/29 12:15 p.m.172 views

CVE-2021-34550

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor

7.5CVSS7.1AI score0.00832EPSS
CVE
CVE
added 2021/06/29 12:15 p.m.171 views

CVE-2021-34549

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.

7.5CVSS7.2AI score0.00645EPSS
CVE
CVE
added 2020/03/23 1:15 p.m.170 views

CVE-2020-10593

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.

7.5CVSS7.2AI score0.01218EPSS
CVE
CVE
added 2021/08/30 5:15 a.m.145 views

CVE-2021-38385

Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.

7.5CVSS7.2AI score0.00468EPSS
CVE
CVE
added 2019/02/21 11:29 p.m.135 views

CVE-2019-8955

In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.

7.5CVSS7.2AI score0.02042EPSS
CVE
CVE
added 2017/11/04 6:29 p.m.122 views

CVE-2017-16541

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.

6.5CVSS5.5AI score0.01522EPSS
CVE
CVE
added 2020/07/15 5:15 p.m.113 views

CVE-2020-15572

Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.

7.5CVSS7.4AI score0.00505EPSS
CVE
CVE
added 2022/07/17 11:15 p.m.96 views

CVE-2022-33903

Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.

7.5CVSS7.2AI score0.0023EPSS
CVE
CVE
added 2020/02/02 1:15 p.m.89 views

CVE-2020-8516

The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and no...

5.3CVSS5.3AI score0.00783EPSS
CVE
CVE
added 2018/03/05 3:29 p.m.87 views

CVE-2018-0490

An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted rel...

7.5CVSS7.1AI score0.01035EPSS
CVE
CVE
added 2018/03/05 3:29 p.m.86 views

CVE-2018-0491

A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.

7.5CVSS7.2AI score0.08038EPSS
CVE
CVE
added 2017/12/05 4:29 p.m.81 views

CVE-2016-1254

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

7.5CVSS7AI score0.03038EPSS
CVE
CVE
added 2017/09/18 4:29 p.m.81 views

CVE-2017-0380

The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to ...

5.9CVSS5.5AI score0.0044EPSS
CVE
CVE
added 2017/06/09 5:29 p.m.80 views

CVE-2017-0376

The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.

7.5CVSS7.1AI score0.00819EPSS
CVE
CVE
added 2022/02/26 3:15 a.m.78 views

CVE-2021-46702

Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several h...

5.5CVSS5.2AI score0.00125EPSS
CVE
CVE
added 2020/01/24 6:15 p.m.69 views

CVE-2015-2928

The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors.

7.5CVSS7.1AI score0.00721EPSS
CVE
CVE
added 2020/01/24 6:15 p.m.69 views

CVE-2015-2929

The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor.

7.5CVSS7.1AI score0.00468EPSS
CVE
CVE
added 2014/07/30 4:55 p.m.68 views

CVE-2014-5117

Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating inform...

5.8CVSS7.2AI score0.006EPSS
CVE
CVE
added 2023/01/14 1:15 a.m.65 views

CVE-2023-23589

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.

6.5CVSS6.2AI score0.00169EPSS
CVE
CVE
added 2012/09/14 6:55 p.m.55 views

CVE-2012-4419

The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison.

5CVSS6.3AI score0.01621EPSS
CVE
CVE
added 2013/01/01 12:35 p.m.54 views

CVE-2012-5573

The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control re...

5CVSS6.4AI score0.02484EPSS
CVE
CVE
added 2020/01/24 6:15 p.m.54 views

CVE-2015-2688

buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.

7.5CVSS7.2AI score0.00568EPSS
CVE
CVE
added 2020/01/24 6:15 p.m.54 views

CVE-2015-2689

Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.

7.5CVSS7.2AI score0.00648EPSS
CVE
CVE
added 2012/09/14 6:55 p.m.53 views

CVE-2012-4922

The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CV...

5CVSS8.8AI score0.05586EPSS
CVE
CVE
added 2014/02/03 3:55 a.m.51 views

CVE-2012-2249

Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol.

5CVSS6.7AI score0.00474EPSS
CVE
CVE
added 2017/01/04 8:59 p.m.49 views

CVE-2016-8860

Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hi...

7.5CVSS7.3AI score0.02682EPSS
CVE
CVE
added 2014/02/03 3:55 a.m.48 views

CVE-2012-2250

Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly.

5CVSS6.7AI score0.00474EPSS
CVE
CVE
added 2014/01/17 9:55 p.m.48 views

CVE-2013-7295

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attacke...

4CVSS6.6AI score0.00134EPSS
CVE
CVE
added 2017/06/09 5:29 p.m.47 views

CVE-2017-0375

The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.

7.5CVSS7.2AI score0.01397EPSS
CVE
CVE
added 2017/07/02 3:29 p.m.45 views

CVE-2017-0377

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.

7.5CVSS7.3AI score0.00476EPSS