TorCVEs & Vulnerabilities

57 CVEs affecting Tor products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

tor 5,068
CVE-2006-3414MEDIUM

Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution.

7 Jul 2006
5.0
CVSS
CVE-2006-3415MEDIUM

Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors.

7 Jul 2006
6.4
CVSS
CVE-2006-3416MEDIUM

Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. NOTE: while this item is listed under the "Security fixes" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS. Therefore this issue should not be included in CVE

7 Jul 2006
5.0
CVSS
CVE-2006-3417MEDIUM

Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities.

7 Jul 2006
6.4
CVSS
CVE-2006-3418MEDIUM

Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications.

7 Jul 2006
5.0
CVSS
CVE-2006-3419MEDIUM

Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks.

7 Jul 2006
5.0
CVSS
CVE-2006-0414MEDIUM

Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server.

25 Jan 2006
5.0
CVSS
CVE-2005-2643MEDIUM

Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit.

23 Aug 2005
5.0
CVSS
CVE-2005-2050MEDIUM

Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers to read arbitrary memory and possibly key information from the exit server's process space.

28 Jun 2005
5.0
CVSS
← PrevPage 2 / 2Next →