Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Tor Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 57 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-3415 1 Tor 1 Tor 2008-09-05 6.4 MEDIUM N/A
Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors.
CVE-2006-3417 1 Tor 1 Tor 2008-09-05 6.4 MEDIUM N/A
Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities.
CVE-2006-3414 1 Tor 1 Tor 2008-09-05 5.0 MEDIUM N/A
Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution.
CVE-2006-3413 1 Tor 1 Tor 2008-09-05 5.0 MEDIUM N/A
The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the "logfile", which allows attackers to obtain potentially sensitive information.
CVE-2006-3412 1 Tor 1 Tor 2008-09-05 6.4 MEDIUM N/A
Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers.
CVE-2006-3418 1 Tor 1 Tor 2008-09-05 5.0 MEDIUM N/A
Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications.
CVE-2006-3419 1 Tor 1 Tor 2008-09-05 5.0 MEDIUM N/A
Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks.