Known Vulnerabilities for products from Torproject
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Torproject".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-39246 | Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v... | 6.1 - MEDIUM | 2021-09-24 | 2021-10-01 |
| CVE-2021-38385 | Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signat... | 7.5 - HIGH | 2021-08-30 | 2023-05-03 |
| CVE-2021-34550 | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-boun... | 7.5 - HIGH | 2021-06-29 | 2021-09-20 |
| CVE-2021-34549 | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit dat... | 7.5 - HIGH | 2021-06-29 | 2022-07-12 |
| CVE-2021-34548 | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypas... | 7.5 - HIGH | 2021-06-29 | 2023-08-08 |
| CVE-2021-28090 | Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2... | 5.3 - MEDIUM | 2021-03-19 | 2023-11-07 |
| CVE-2021-28089 | Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-... | 7.5 - HIGH | 2021-03-19 | 2023-11-07 |
| CVE-2020-15572 | Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor insta... | 7.5 - HIGH | 2020-07-15 | 2021-07-21 |
| CVE-2020-10593 | Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (m... | 7.5 - HIGH | 2020-03-23 | 2023-02-03 |
| CVE-2020-10592 | Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (C... | 7.5 - HIGH | 2020-03-23 | 2022-01-01 |
| CVE-2020-8516 | ** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known ... | 5.3 - MEDIUM | 2020-02-02 | 2023-11-07 |
| CVE-2019-13075 | Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's langu... | 5.3 - MEDIUM | 2019-06-30 | 2019-07-08 |
| CVE-2019-12383 | Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI loc... | 4.3 - MEDIUM | 2019-05-28 | 2023-03-24 |
| CVE-2019-8955 | In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of ser... | 7.5 - HIGH | 2019-02-21 | 2020-08-24 |
| CVE-2018-16983 | NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking vi... | 9.8 - CRITICAL | 2018-09-13 | 2019-10-03 |
| CVE-2018-0491 | A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service... | 7.5 - HIGH | 2018-03-05 | 2019-03-26 |
| CVE-2018-0490 | An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority... | 7.5 - HIGH | 2018-03-05 | 2019-04-30 |
| CVE-2017-16639 | Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP a... | 4.3 - MEDIUM | 2018-09-14 | 2018-11-26 |
| CVE-2017-16541 | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a c... | 6.5 - MEDIUM | 2017-11-04 | 2022-04-18 |
| CVE-2017-0380 | The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x befo... | 5.9 - MEDIUM | 2017-09-18 | 2017-11-06 |
Known software with vulnerabilities from Torproject
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Torproject | Tor | - |
| Application | Torproject | Tor Browser | - |