Filtered by vendor Tor
Subscribe
Total
57 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4508 | 2 Scatterchat, Tor | 2 Scatterchat, Tor | 2024-11-21 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and 0.1.1.x before 0.1.1.23, and (2) ScatterChat before 1.0.2, allows remote attackers operating a Tor entry node to route arbitrary Tor traffic through clients or cause a denial of service (flood) via unspecified vectors. | |||||
| CVE-2006-3419 | 1 Tor | 1 Tor | 2024-11-21 | 5.0 MEDIUM | N/A |
| Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks. | |||||
| CVE-2006-3418 | 1 Tor | 1 Tor | 2024-11-21 | 5.0 MEDIUM | N/A |
| Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications. | |||||
| CVE-2006-3417 | 1 Tor | 1 Tor | 2024-11-21 | 6.4 MEDIUM | N/A |
| Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities. | |||||
| CVE-2006-3416 | 1 Tor | 1 Tor | 2024-11-21 | 5.0 MEDIUM | N/A |
| Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. NOTE: while this item is listed under the "Security fixes" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS. Therefore this issue should not be included in CVE | |||||
| CVE-2006-3415 | 1 Tor | 1 Tor | 2024-11-21 | 6.4 MEDIUM | N/A |
| Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors. | |||||
| CVE-2006-3414 | 1 Tor | 1 Tor | 2024-11-21 | 5.0 MEDIUM | N/A |
| Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution. | |||||
| CVE-2006-3413 | 1 Tor | 1 Tor | 2024-11-21 | 5.0 MEDIUM | N/A |
| The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the "logfile", which allows attackers to obtain potentially sensitive information. | |||||
| CVE-2006-3412 | 1 Tor | 1 Tor | 2024-11-21 | 6.4 MEDIUM | N/A |
| Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers. | |||||
| CVE-2006-3411 | 1 Tor | 1 Tor | 2024-11-21 | 6.4 MEDIUM | N/A |
| TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys. | |||||
| CVE-2006-3410 | 1 Tor | 1 Tor | 2024-11-21 | 5.0 MEDIUM | N/A |
| Tor before 0.1.1.20 creates "internal circuits" primarily consisting of nodes with "useful exit nodes," which allows remote attackers to conduct unspecified statistical attacks. | |||||
| CVE-2006-3409 | 1 Tor | 1 Tor | 2024-11-21 | 7.5 HIGH | N/A |
| Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffer overflow when elements are added to smartlists. | |||||
| CVE-2006-3408 | 1 Tor | 1 Tor | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial of service via unknown vectors. | |||||
| CVE-2006-3407 | 1 Tor | 1 Tor | 2024-11-21 | 6.4 MEDIUM | N/A |
| Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters. | |||||
| CVE-2006-0414 | 1 Tor | 1 Tor | 2024-11-21 | 5.0 MEDIUM | N/A |
| Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server. | |||||
| CVE-2005-2643 | 1 Tor | 1 Tor | 2024-11-21 | 5.0 MEDIUM | N/A |
| Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit. | |||||
| CVE-2005-2050 | 1 Tor | 1 Tor | 2024-11-20 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers to read arbitrary memory and possibly key information from the exit server's process space. | |||||