Vulnerabilities > TOR > TOR > 0.2.2.32
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-12-23 | CVE-2011-4895 | Information Exposure vulnerability in TOR Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building. | 4.3 |
| 2011-12-23 | CVE-2011-4894 | Information Exposure vulnerability in TOR Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections. | 4.3 |
| 2011-12-23 | CVE-2011-2778 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in TOR Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS connection to SocksPort or (2) leveraging a SOCKS proxy configuration. | 7.6 |
| 2011-12-23 | CVE-2011-2769 | Information Exposure vulnerability in TOR Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values. | 4.3 |
| 2011-12-23 | CVE-2011-2768 | Permissions, Privileges, and Access Controls vulnerability in TOR Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected. | 5.8 |