Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Tor
(Torproject)| Repositories | https://github.com/torproject/tor |
| #Vulnerabilities | 35 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-06-11 | CVE-2016-9079 | A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. | Debian_linux, Firefox, Firefox_esr, Thunderbird, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation, Tor | 7.5 | ||
| 2020-02-02 | CVE-2020-8516 | The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability | Tor | 5.3 | ||
| 2020-07-15 | CVE-2020-15572 | Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001. | Tor | 7.5 | ||
| 2021-03-19 | CVE-2021-28089 | Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. | Fedora, Tor | 7.5 | ||
| 2021-03-19 | CVE-2021-28090 | Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. | Fedora, Tor | 5.3 |