tor (SUSE:Package Hub 15 SP2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP2 package tor, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2020-10592 — CVSS 7.5 (high): Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU…
CVE-2020-10593 — CVSS 7.5 (high): Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak)…
CVE-2020-15572 — CVSS 7.5 (high): Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to…
CVE-2021-34550 — CVSS 7.5 (high): An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory…
CVE-2021-38385 — CVSS 7.5 (high): Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature…
CVE-2021-28089 — CVSS 7.5 (high): Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
CVE-2021-34548 — CVSS 7.5 (high): An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended…
CVE-2021-34549 — CVSS 7.5 (high): An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data…
CVE-2021-22929 — CVSS 6.1 (medium): An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps…
CVE-2021-28090 — CVSS 5.3 (medium): Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.