Vulnerabilities > Torproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-21 | CVE-2019-8955 | Allocation of Resources Without Limits or Throttling vulnerability in Torproject TOR In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler. | 5.0 |
| 2018-09-14 | CVE-2017-16639 | Information Exposure vulnerability in Torproject TOR Browser Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. | 4.3 |
| 2018-09-13 | CVE-2018-16983 | NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value. | 7.5 |
| 2018-06-11 | CVE-2016-9079 | Use After Free vulnerability in multiple products A use-after-free vulnerability in SVG Animation has been discovered. | 5.0 |
| 2018-03-05 | CVE-2018-0491 | Use After Free vulnerability in Torproject TOR A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. | 5.0 |
| 2018-03-05 | CVE-2018-0490 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. | 5.0 |
| 2017-12-05 | CVE-2016-1254 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. | 7.5 |
| 2017-11-04 | CVE-2017-16541 | Information Exposure vulnerability in multiple products Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. | 4.3 |
| 2017-09-18 | CVE-2017-0380 | Information Exposure Through Log Files vulnerability in Torproject TOR The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit. | 4.3 |
| 2017-07-02 | CVE-2017-0377 | Information Exposure vulnerability in Torproject TOR Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families. | 5.0 |