Known Vulnerabilities for products from Torproject
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Torproject".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-23589 json | The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the saf... | 6.5 - MEDIUM | 2023-01-14 | 2023-11-07 |
| CVE-2022-33903 json | Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. | 7.5 - HIGH | 2022-07-17 | 2023-05-03 |
| CVE-2021-46702 json | Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypa... | 5.5 - MEDIUM | 2022-02-26 | 2022-03-10 |
| CVE-2021-39246 json | Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v... | 6.1 - MEDIUM | 2021-09-24 | 2021-10-01 |
| CVE-2021-38385 json | Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signat... | 7.5 - HIGH | 2021-08-30 | 2023-05-03 |
| CVE-2021-34550 json | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-boun... | 7.5 - HIGH | 2021-06-29 | 2021-09-20 |
| CVE-2021-34549 json | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit dat... | 7.5 - HIGH | 2021-06-29 | 2022-07-12 |
| CVE-2021-34548 json | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypas... | 7.5 - HIGH | 2021-06-29 | 2023-08-08 |
| CVE-2021-28090 json | Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2... | 5.3 - MEDIUM | 2021-03-19 | 2023-11-07 |
| CVE-2021-28089 json | Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-... | 7.5 - HIGH | 2021-03-19 | 2023-11-07 |
| CVE-2020-15572 json | Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor insta... | 7.5 - HIGH | 2020-07-15 | 2021-07-21 |
| CVE-2020-10593 json | Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (m... | 7.5 - HIGH | 2020-03-23 | 2023-02-03 |
| CVE-2020-10592 json | Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (C... | 7.5 - HIGH | 2020-03-23 | 2022-01-01 |
| CVE-2020-8516 json | ** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known ... | 5.3 - MEDIUM | 2020-02-02 | 2023-11-07 |
| CVE-2019-13075 json | Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's langu... | 5.3 - MEDIUM | 2019-06-30 | 2019-07-08 |
| CVE-2019-12383 json | Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI loc... | 4.3 - MEDIUM | 2019-05-28 | 2023-03-24 |
| CVE-2019-8955 json | In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of ser... | 7.5 - HIGH | 2019-02-21 | 2020-08-24 |
| CVE-2018-16983 json | NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking vi... | 9.8 - CRITICAL | 2018-09-13 | 2019-10-03 |
| CVE-2018-0491 json | A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service... | 7.5 - HIGH | 2018-03-05 | 2019-03-26 |
| CVE-2018-0490 json | An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority... | 7.5 - HIGH | 2018-03-05 | 2019-04-30 |
Known software with vulnerabilities from Torproject
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Torproject | Tor | - |
| Application | Torproject | Tor Browser | - |