Vulnerabilities > Torproject > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-30 | CVE-2019-13075 | Information Exposure vulnerability in Torproject TOR Browser Tor Browser through 8.5.3 has an information exposure vulnerability. | 5.0 |
| 2019-05-28 | CVE-2019-12383 | Information Exposure Through Discrepancy vulnerability in Torproject TOR Browser Tor Browser before 8.0.1 has an information exposure vulnerability. | 4.3 |
| 2019-02-21 | CVE-2019-8955 | Allocation of Resources Without Limits or Throttling vulnerability in Torproject TOR In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler. | 5.0 |
| 2018-09-14 | CVE-2017-16639 | Information Exposure vulnerability in Torproject TOR Browser Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. | 4.3 |
| 2018-06-11 | CVE-2016-9079 | Use After Free vulnerability in multiple products A use-after-free vulnerability in SVG Animation has been discovered. | 5.0 |
| 2018-03-05 | CVE-2018-0491 | Use After Free vulnerability in Torproject TOR A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. | 5.0 |
| 2018-03-05 | CVE-2018-0490 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. | 5.0 |
| 2017-11-04 | CVE-2017-16541 | Information Exposure vulnerability in multiple products Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. | 4.3 |
| 2017-09-18 | CVE-2017-0380 | Information Exposure Through Log Files vulnerability in Torproject TOR The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit. | 4.3 |
| 2017-07-02 | CVE-2017-0377 | Information Exposure vulnerability in Torproject TOR Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families. | 5.0 |