Filtered by vendor Tor Subscriptions
Total 57 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-4508 2 Scatterchat, Tor 2 Scatterchat, Tor 2024-11-21 N/A
Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and 0.1.1.x before 0.1.1.23, and (2) ScatterChat before 1.0.2, allows remote attackers operating a Tor entry node to route arbitrary Tor traffic through clients or cause a denial of service (flood) via unspecified vectors.
CVE-2006-3419 1 Tor 1 Tor 2024-11-21 N/A
Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks.
CVE-2006-3418 1 Tor 1 Tor 2024-11-21 N/A
Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications.
CVE-2006-3417 1 Tor 1 Tor 2024-11-21 N/A
Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities.
CVE-2006-3416 1 Tor 1 Tor 2024-11-21 N/A
Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. NOTE: while this item is listed under the "Security fixes" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS. Therefore this issue should not be included in CVE
CVE-2006-3415 1 Tor 1 Tor 2024-11-21 N/A
Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors.
CVE-2006-3414 1 Tor 1 Tor 2024-11-21 N/A
Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution.
CVE-2006-3413 1 Tor 1 Tor 2024-11-21 N/A
The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the "logfile", which allows attackers to obtain potentially sensitive information.
CVE-2006-3412 1 Tor 1 Tor 2024-11-21 N/A
Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers.
CVE-2006-3411 1 Tor 1 Tor 2024-11-21 N/A
TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys.
CVE-2006-3410 1 Tor 1 Tor 2024-11-21 N/A
Tor before 0.1.1.20 creates "internal circuits" primarily consisting of nodes with "useful exit nodes," which allows remote attackers to conduct unspecified statistical attacks.
CVE-2006-3409 1 Tor 1 Tor 2024-11-21 N/A
Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffer overflow when elements are added to smartlists.
CVE-2006-3408 1 Tor 1 Tor 2024-11-21 N/A
Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial of service via unknown vectors.
CVE-2006-3407 1 Tor 1 Tor 2024-11-21 N/A
Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters.
CVE-2006-0414 1 Tor 1 Tor 2024-11-21 N/A
Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server.
CVE-2005-2643 1 Tor 1 Tor 2024-11-21 N/A
Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit.
CVE-2005-2050 1 Tor 1 Tor 2024-11-20 N/A
Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers to read arbitrary memory and possibly key information from the exit server's process space.