Vulnerabilities > Torproject

DATE CVE VULNERABILITY TITLE RISK
2019-02-21 CVE-2019-8955 Allocation of Resources Without Limits or Throttling vulnerability in Torproject TOR
In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.
network
low complexity
torproject CWE-770
7.5
2018-09-14 CVE-2017-16639 Information Exposure vulnerability in Torproject TOR Browser
Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541.
network
low complexity
torproject CWE-200
4.3
2018-09-13 CVE-2018-16983 NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value.
network
low complexity
noscript torproject
critical
9.8
2018-06-11 CVE-2016-9079 Use After Free vulnerability in multiple products
A use-after-free vulnerability in SVG Animation has been discovered.
network
low complexity
debian redhat mozilla torproject CWE-416
7.5
2018-03-05 CVE-2018-0491 Use After Free vulnerability in Torproject TOR
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10.
network
low complexity
torproject CWE-416
7.5
2018-03-05 CVE-2018-0490 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10.
network
low complexity
torproject debian CWE-476
7.5
2017-12-05 CVE-2016-1254 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
7.5
2017-11-04 CVE-2017-16541 Information Exposure vulnerability in multiple products
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil.
network
low complexity
torproject redhat debian CWE-200
6.5
2017-09-18 CVE-2017-0380 Information Exposure Through Log Files vulnerability in Torproject TOR
The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.
network
high complexity
torproject CWE-532
5.9
2017-07-02 CVE-2017-0377 Information Exposure vulnerability in Torproject TOR
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.
network
low complexity
torproject CWE-200
7.5