CRITICAL 9.1 CVE-2026-44603 Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.
from 0
CRITICAL 9.1 CVE-2026-44597 Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.
from 0
HIGH 8.1 In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there…
from 0, < 0.3.1.9-1
HIGH 7.5 Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.
from 0
HIGH 7.5 Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TR…
from 0
HIGH 7.5 Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.
from 0, < 0.4.7.8-1
HIGH 7.5 tor - security update
from 0, < 0.3.5.16-1
HIGH 7.5 tor - security update
from 0, < 0.4.5.10-1~deb11u1
HIGH 7.5 An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006.
from 0, < 0.4.5.9-1
HIGH 7.5 An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005.
from 0, < 0.4.5.9-1
HIGH 7.5 tor - security update
from 0, < 0.4.5.9-1
HIGH 7.5 tor - security update
from 0, < 0.3.5.15-1
HIGH 7.5 tor - security update
from 0, < 0.3.5.14-1
HIGH 7.5 tor - security update
from 0, < 0.4.5.7-1
HIGH 7.5 Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to…
from 0, < 0.4.3.6-1
HIGH 7.5 Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), a…
from 0, < 0.4.2.7-1
HIGH 7.5 tor - security update
from 0, < 0.3.5.10-1
HIGH 7.5 tor - security update
from 0, < 0.4.2.7-1
HIGH 7.5 The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote ser…
from 0, < 0.2.5.12-1
HIGH 7.5 tor - security update
from 0, < 0.2.4.27-1~deb6u1
HIGH 7.5 tor - security update
from 0, < 0.2.4.27-1
HIGH 7.5 tor - security update
from 0, < 0.2.5.12-1
HIGH 7.5 Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load,…
from 0, < 0.2.5.11-1
HIGH 7.5 tor - security update
from 0, < 0.2.5.11-1
HIGH 7.5 tor - security update
from 0, < 0.2.4.26-1
HIGH 7.5 tor - security update
from 0, < 0.2.4.26-1~deb6u1
HIGH 7.5 In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against T…
from 0, < 0.3.5.8-1
HIGH 7.5 A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10.
from 0, < 0.3.2.10-1
HIGH 7.5 tor - security update
from 0, < 0.2.9.15-1
HIGH 7.5 tor - security update
from 0, < 0.3.2.10-1
HIGH 7.5 tor - security update
from 0, < 0.2.9.8-2
HIGH 7.5 tor - security update
from 0, < 0.2.4.27-3
HIGH 7.5 tor - security update
from 0, < 0.2.5.12-4
HIGH 7.5 In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an att…
from 0, < 0.3.1.9-1
HIGH 7.5 In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote…
from 0, < 0.3.1.9-1
HIGH 7.5 tor - security update
from 0, < 0.3.1.9-1
HIGH 7.5 tor - security update
from 0, < 0.2.5.16-1
HIGH 7.5 debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if th…
from 0, < 0.3.1.7-1
HIGH 7.5 tor - security update
from 0, < 0.2.5.14-1
HIGH 7.5 tor - security update
from 0, < 0.2.4.29-1
HIGH 7.5 tor - security update
from 0, < 0.2.9.11-1
HIGH 7.5 tor - security update
from 0, < 0.2.4.27-2
HIGH 7.5 tor - security update
from 0, < 0.2.8.9-1
HIGH 7.5 tor - security update
from 0, < 0.2.5.12-3
MEDIUM 6.5 tor - security update
from 0, < 0.4.5.16-1
MEDIUM 6.5 tor - security update
from 0, < 0.4.5.16-1
MEDIUM 6.5 tor - security update
from 0, < 0.3.5.16-1+deb10u1
MEDIUM 5.9 tor - security update
from 0, < 0.2.9.12-1
MEDIUM 5.9 tor - security update
from 0, < 0.3.1.7-1
MEDIUM 5.3 Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010.
from 0
MEDIUM 5.3 Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.
from 0
MEDIUM 5.3 Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
from 0, < 0.4.5.7-1
MEDIUM 5.3 The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect…
from 0
LOW 3.7 In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays…
from 0, < 0.3.1.9-1
— A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17.
from 0
— tor - security update
from 0, < 0.2.4.23-1
— tor - security update
from 0, < 0.2.4.23-1~deb7u1
— Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol…
from 0, < 0.2.3.24-rc-1
— tor - new upstream version
from 0, < 0.2.4.23-1~deb6u1
— tor - new upstream version
from 0, < 0.2.3.23-rc-1
— Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge plat…
from 0, < 0.2.4.20-1
— The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell a…
from 0, < 0.2.3.25-1
— The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, wh…
from 0, < 0.2.3.22-rc-1
— The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attacke…
from 0, < 0.2.3.22-rc-1
— routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which migh…
from 0, < 0.2.3.20-rc-1
— tor - several
from 0, < 0.2.3.20-rc-1
— tor - several
from 0, < 0.2.2.39-1
— Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via v…
from 0, < 0.2.3.20-rc-1
— Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname va…
from 0, < 0.2.2.27-beta-1
— Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might a…
from 0, < 0.2.2.27-beta-1
— Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which mak…
from 0, < 0.2.2.34-1
— Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which m…
from 0, < 0.2.2.34-1
— tor - buffer overflow
from 0, < 0.2.2.35-1
— tor - buffer overflow
from 0, < 0.2.2.35-1~squeeze+1
— Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR con…
from 0, < 0.2.2.34-1
— tor - several
from 0, < 0.2.1.31-1
— tor - several
from 0, < 0.2.2.34-1
— Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of servi…
from 0, < 0.2.1.30-1
— Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remote attackers to cause a denial of service (assertion failure and daem…
from 0, < 0.2.1.29-1
— Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon ex…
from 0, < 0.2.1.29-1
— The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allo…
from 0, < 0.2.1.29-1
— Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attack…
from 0, < 0.2.1.29-1
— Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (m…
from 0, < 0.2.1.29-1
— Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain…
from 0, < 0.2.1.29-1
— tor - several
from 0, < 0.2.1.29-1~lenny+1
— tor - several
from 0, < 0.2.1.29-1
— tor - potential code execution
from 0, < 0.2.1.26-1~lenny+4
— tor - potential code execution
from 0, < 0.2.1.26-6
— Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain…
from 0, < 0.2.1.22-1
— Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easi…
from 0, < 0.2.1.22-1
— The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allow…
from 0, < 0.2.0.35-1
— Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor.
from 0, < 0.2.0.35-1
— Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," a…
from 0, < 0.2.0.34-1
— Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed inp…
from 0, < 0.2.0.34-1
— Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors.
from 0, < 0.2.0.34-1
— Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes."
from 0, < 0.2.0.34-1
— Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm th…
from 0
— Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption.
from 0, < 0.2.0.33-1
— Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay i…
from 0, < 0.2.0.32-1
— Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privi…
from 0, < 0.2.0.32-1
— Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers…
from 0, < 0.1.2.16-1
— Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over To…
from 0, < 0.1.2.15-1
— Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified v…
from 0, < 0.1.2.15-1
— Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers wit…
from 0, < 0.1.2.15-1
— Tor before 0.1.2.15 sends "destroy cells" containing the reason for tearing down a circuit, which allows remote attackers to obtain sensiti…
from 0, < 0.1.2.15-1
— Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anony…
from 0, < 0.1.2.14-1
— Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make fal…
from 0
— Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the s…
from 0
— Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and 0.1.1.x before 0.1.1.23, and (2) ScatterChat before 1.0.2, allows remote a…
from 0, < 0.1.1.23-1
— Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitraril…
from 0, < 0.1.1.20-1
— TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier f…
from 0, < 0.1.1.20-1
— Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers t…
from 0, < 0.1.1.20-1
— Tor before 0.1.1.20 creates "internal circuits" primarily consisting of nodes with "useful exit nodes," which allows remote attackers to co…
from 0, < 0.1.1.20-1
— Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffe…
from 0, < 0.1.1.20-1
— Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MIT…
from 0, < 0.1.1.20-1
— The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the "logfile", which allows attackers to o…
from 0, < 0.1.1.20-1
— Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entr…
from 0, < 0.1.1.20-1
— Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial…
from 0, < 0.1.1.20-1
— Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters.
from 0, < 0.1.1.20-1
— Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred ove…
from 0, < 0.1.1.20-1
— Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictio…
from 0, < 0.1.1.20-1
— Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded.
from 0, < 0.1.1.20-1
— Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses…
from 0, < 0.1.1.11-alpha-1
— Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffi…
from 0, < 0.1.0.14-1
— Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers to read arbitrary memory and possibly key information from the exit se…
from 0, < 0.0.9.10-1