Total
41 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1254 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Leap and 3 more | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. | |||||
| CVE-2017-16541 | 5 Apple, Debian, Linux and 2 more | 10 Macos, Debian Linux, Linux Kernel and 7 more | 2026-05-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. | |||||
| CVE-2017-0377 | 1 Torproject | 1 Tor | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families. | |||||
| CVE-2017-0380 | 1 Torproject | 1 Tor | 2026-05-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit. | |||||
| CVE-2017-0376 | 2 Debian, Torproject | 2 Debian Linux, Tor | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit. | |||||
| CVE-2017-0375 | 1 Torproject | 1 Tor | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. | |||||
| CVE-2026-44601 | 1 Torproject | 1 Tor | 2026-05-08 | N/A | 3.7 LOW |
| Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009. | |||||
| CVE-2026-44602 | 1 Torproject | 1 Tor | 2026-05-08 | N/A | 3.7 LOW |
| Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006. | |||||
| CVE-2026-44597 | 1 Torproject | 1 Tor | 2026-05-07 | N/A | 3.7 LOW |
| Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011. | |||||
| CVE-2026-44599 | 1 Torproject | 1 Tor | 2026-05-07 | N/A | 3.7 LOW |
| Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008. | |||||
| CVE-2026-44600 | 1 Torproject | 1 Tor | 2026-05-07 | N/A | 3.7 LOW |
| Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010. | |||||
| CVE-2026-44603 | 1 Torproject | 1 Tor | 2026-05-07 | N/A | 3.7 LOW |
| Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007. | |||||
| CVE-2016-8860 | 1 Torproject | 1 Tor | 2026-05-06 | 5.0 MEDIUM | 7.5 HIGH |
| Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data. | |||||
| CVE-2014-5117 | 1 Torproject | 1 Tor | 2026-05-06 | 5.8 MEDIUM | N/A |
| Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names. | |||||
| CVE-2013-7295 | 1 Torproject | 1 Tor | 2026-04-29 | 4.0 MEDIUM | N/A |
| Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors. | |||||
| CVE-2012-4419 | 1 Torproject | 1 Tor | 2026-04-29 | 5.0 MEDIUM | N/A |
| The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison. | |||||
| CVE-2012-5573 | 1 Torproject | 1 Tor | 2026-04-29 | 5.0 MEDIUM | N/A |
| The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control restrictions via a RELAY_COMMAND_SENDME command. | |||||
| CVE-2012-2249 | 1 Torproject | 1 Tor | 2026-04-29 | 5.0 MEDIUM | N/A |
| Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol. | |||||
| CVE-2012-4922 | 1 Torproject | 1 Tor | 2026-04-29 | 5.0 MEDIUM | N/A |
| The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419. | |||||
| CVE-2012-2250 | 1 Torproject | 1 Tor | 2026-04-29 | 5.0 MEDIUM | N/A |
| Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly. | |||||