{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","type":"deb","namespace":"debian","name":"tor","version":"0.4.9.8-0+deb12u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.4.9.8-0+deb13u1","latest_non_vulnerable_version":"0.4.9.8-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177360?format=json","vulnerability_id":"VCID-1137-qk2z-uygk","summary":"Multiple vulnerabilities have been found in Tor, allowing attackers\n    to cause Denial of Service or obtain sensitive information.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3519"},{"reference_url":"https://security.gentoo.org/glsa/201301-03","reference_id":"GLSA-201301-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105952?format=json","purl":"pkg:deb/debian/tor@0.2.3.20-rc-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.3.20-rc-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2012-3519"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1137-qk2z-uygk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182126?format=json","vulnerability_id":"VCID-134w-nq5n-zkca","summary":"Multiple vulnerabilities were found in Tor, the most severe of\n    which may allow a remote attacker to execute arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0427","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0427"},{"reference_url":"https://security.gentoo.org/glsa/201110-13","reference_id":"GLSA-201110-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105945?format=json","purl":"pkg:deb/debian/tor@0.2.1.29-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.1.29-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2011-0427"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-134w-nq5n-zkca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185585?format=json","vulnerability_id":"VCID-1bd9-41vy-ekfr","summary":"Multiple vulnerabilities in Tor might allow for heap corruption, Denial of\n    Service, escalation of privileges and information disclosure.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0938","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0938"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512728","reference_id":"512728","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512728"},{"reference_url":"https://security.gentoo.org/glsa/200904-11","reference_id":"GLSA-200904-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200904-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105940?format=json","purl":"pkg:deb/debian/tor@0.2.0.34-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.0.34-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2009-0938"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bd9-41vy-ekfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204770?format=json","vulnerability_id":"VCID-2vvx-2t3g-2qgh","summary":"debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script).","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11565"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869153","reference_id":"869153","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869153"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105962?format=json","purl":"pkg:deb/debian/tor@0.3.1.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.3.1.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2017-11565"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vvx-2t3g-2qgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200423?format=json","vulnerability_id":"VCID-3ju5-bpmg-8fa2","summary":"Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial of service via unknown vectors.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3408"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105933?format=json","purl":"pkg:deb/debian/tor@0.1.1.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.1.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2006-3408"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ju5-bpmg-8fa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67770?format=json","vulnerability_id":"VCID-4x3c-qh4m-xbeq","summary":"Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44603"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/commit/1703df3d439c83c2184e259fad1cfa19240f9c89","reference_id":"1703df3d439c83c2184e259fad1cfa19240f9c89","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:01:38Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/commit/1703df3d439c83c2184e259fad1cfa19240f9c89"},{"reference_url":"https://forum.torproject.org/c/news/tor-release-announcement/28","reference_id":"28","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:01:38Z/"}],"url":"https://forum.torproject.org/c/news/tor-release-announcement/28"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/work_items/41245","reference_id":"41245","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:01:38Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/work_items/41245"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/05/06/8","reference_id":"8","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:01:38Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/05/06/8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2026-44603"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4x3c-qh4m-xbeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67642?format=json","vulnerability_id":"VCID-54t7-dh1e-n3f8","summary":"Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44599"},{"reference_url":"https://forum.torproject.org/c/news/tor-release-announcement/28","reference_id":"28","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:47:28Z/"}],"url":"https://forum.torproject.org/c/news/tor-release-announcement/28"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/work_items/41243","reference_id":"41243","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:47:28Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/work_items/41243"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/commit/50f90ba849088247734786922855c22661c6fa03","reference_id":"50f90ba849088247734786922855c22661c6fa03","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:47:28Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/commit/50f90ba849088247734786922855c22661c6fa03"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/05/06/8","reference_id":"8","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:47:28Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/05/06/8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2026-44599"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-54t7-dh1e-n3f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200429?format=json","vulnerability_id":"VCID-5rmx-tb1s-wffr","summary":"The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the \"logfile\", which allows attackers to obtain potentially sensitive information.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3413","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3413"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105933?format=json","purl":"pkg:deb/debian/tor@0.1.1.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.1.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2006-3413"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5rmx-tb1s-wffr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174185?format=json","vulnerability_id":"VCID-6pnb-m3aw-5qd4","summary":"security update","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0490"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105964?format=json","purl":"pkg:deb/debian/tor@0.3.2.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.3.2.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2018-0490"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6pnb-m3aw-5qd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115425?format=json","vulnerability_id":"VCID-6t67-8z2s-hyc8","summary":"security update","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2688","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2689"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105957?format=json","purl":"pkg:deb/debian/tor@0.2.5.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.5.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2015-2689"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6t67-8z2s-hyc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/914?format=json","vulnerability_id":"VCID-6wrp-9fqk-b7ey","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1254"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848847","reference_id":"848847","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848847"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105959?format=json","purl":"pkg:deb/debian/tor@0.2.9.8-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.9.8-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2016-1254"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6wrp-9fqk-b7ey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200433?format=json","vulnerability_id":"VCID-78nb-j4sd-p7bf","summary":"Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy \"entry guard\" (is_guard) systems by directory authorities.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3417"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105933?format=json","purl":"pkg:deb/debian/tor@0.1.1.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.1.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2006-3417"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-78nb-j4sd-p7bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182129?format=json","vulnerability_id":"VCID-7uz5-qznu-nueg","summary":"Multiple vulnerabilities were found in Tor, the most severe of\n    which may allow a remote attacker to execute arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0492"},{"reference_url":"https://security.gentoo.org/glsa/201110-13","reference_id":"GLSA-201110-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105945?format=json","purl":"pkg:deb/debian/tor@0.2.1.29-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.1.29-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2011-0492"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7uz5-qznu-nueg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185583?format=json","vulnerability_id":"VCID-7vb9-72y7-skd1","summary":"Multiple vulnerabilities in Tor might allow for heap corruption, Denial of\n    Service, escalation of privileges and information disclosure.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0936","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0936"},{"reference_url":"https://security.gentoo.org/glsa/200904-11","reference_id":"GLSA-200904-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200904-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105940?format=json","purl":"pkg:deb/debian/tor@0.2.0.34-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.0.34-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2009-0936"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vb9-72y7-skd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180102?format=json","vulnerability_id":"VCID-85kq-n4wm-d7he","summary":"Tor is vulnerable to a heap-based buffer overflow that may allow arbitrary\n    code execution.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1676","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1676"},{"reference_url":"https://security.gentoo.org/glsa/201101-02","reference_id":"GLSA-201101-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201101-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105944?format=json","purl":"pkg:deb/debian/tor@0.2.1.26-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.1.26-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2010-1676"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-85kq-n4wm-d7he"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200434?format=json","vulnerability_id":"VCID-8af7-1bhu-cyg6","summary":"Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3418"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105933?format=json","purl":"pkg:deb/debian/tor@0.1.1.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.1.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2006-3418"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8af7-1bhu-cyg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200711?format=json","vulnerability_id":"VCID-8w3g-wkwd-2fhr","summary":"Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3165"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105935?format=json","purl":"pkg:deb/debian/tor@0.1.2.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.2.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2007-3165"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8w3g-wkwd-2fhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201476?format=json","vulnerability_id":"VCID-9aqy-n26m-z3hm","summary":"Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2425","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2425"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537148","reference_id":"537148","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105941?format=json","purl":"pkg:deb/debian/tor@0.2.0.35-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.0.35-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2009-2425"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9aqy-n26m-z3hm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200171?format=json","vulnerability_id":"VCID-9rse-uwzv-quag","summary":"Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2643","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2643"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323786","reference_id":"323786","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323786"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105931?format=json","purl":"pkg:deb/debian/tor@0.1.0.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.0.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2005-2643"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9rse-uwzv-quag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182128?format=json","vulnerability_id":"VCID-adpa-kvvx-2khy","summary":"Multiple vulnerabilities were found in Tor, the most severe of\n    which may allow a remote attacker to execute arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0491"},{"reference_url":"https://security.gentoo.org/glsa/201110-13","reference_id":"GLSA-201110-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105945?format=json","purl":"pkg:deb/debian/tor@0.2.1.29-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.1.29-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2011-0491"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-adpa-kvvx-2khy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201667?format=json","vulnerability_id":"VCID-aecs-evx9-zuhq","summary":"Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0383"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105942?format=json","purl":"pkg:deb/debian/tor@0.2.1.22-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.1.22-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2010-0383"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aecs-evx9-zuhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200435?format=json","vulnerability_id":"VCID-auvm-67g2-7uc9","summary":"Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105933?format=json","purl":"pkg:deb/debian/tor@0.1.1.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.1.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2006-3419"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-auvm-67g2-7uc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177359?format=json","vulnerability_id":"VCID-bf5b-7fpw-xyg9","summary":"Multiple vulnerabilities have been found in Tor, allowing attackers\n    to cause Denial of Service or obtain sensitive information.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3518"},{"reference_url":"https://security.gentoo.org/glsa/201301-03","reference_id":"GLSA-201301-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105952?format=json","purl":"pkg:deb/debian/tor@0.2.3.20-rc-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.3.20-rc-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2012-3518"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bf5b-7fpw-xyg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200430?format=json","vulnerability_id":"VCID-brs1-va37-4fc9","summary":"Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3414"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105933?format=json","purl":"pkg:deb/debian/tor@0.1.1.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.1.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2006-3414"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-brs1-va37-4fc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177358?format=json","vulnerability_id":"VCID-c275-yyn1-6yew","summary":"Multiple vulnerabilities have been found in Tor, allowing attackers\n    to cause Denial of Service or obtain sensitive information.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3517"},{"reference_url":"https://security.gentoo.org/glsa/201301-03","reference_id":"GLSA-201301-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105952?format=json","purl":"pkg:deb/debian/tor@0.2.3.20-rc-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.3.20-rc-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2012-3517"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c275-yyn1-6yew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115423?format=json","vulnerability_id":"VCID-cdjd-dwv7-xug5","summary":"security update","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2688","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2689"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105957?format=json","purl":"pkg:deb/debian/tor@0.2.5.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.5.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2015-2688"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cdjd-dwv7-xug5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180229?format=json","vulnerability_id":"VCID-cmnj-mxs9-1qg7","summary":"Multiple vulnerabilities have been found in Tor, the worst of which\n    could result in a Denial of Service condition.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28089","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28089"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28090"},{"reference_url":"https://security.archlinux.org/AVG-1699","reference_id":"AVG-1699","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1699"},{"reference_url":"https://security.gentoo.org/glsa/202107-25","reference_id":"GLSA-202107-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-25"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105968?format=json","purl":"pkg:deb/debian/tor@0.4.5.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2021-28089"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cmnj-mxs9-1qg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185584?format=json","vulnerability_id":"VCID-cpdu-7zf4-z3ha","summary":"Multiple vulnerabilities in Tor might allow for heap corruption, Denial of\n    Service, escalation of privileges and information disclosure.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0937","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0937"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514580","reference_id":"514580","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514580"},{"reference_url":"https://security.gentoo.org/glsa/200904-11","reference_id":"GLSA-200904-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200904-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105940?format=json","purl":"pkg:deb/debian/tor@0.2.0.34-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.0.34-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2009-0937"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cpdu-7zf4-z3ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182127?format=json","vulnerability_id":"VCID-csx7-76m4-suhs","summary":"Multiple vulnerabilities were found in Tor, the most severe of\n    which may allow a remote attacker to execute arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0490"},{"reference_url":"https://security.gentoo.org/glsa/201110-13","reference_id":"GLSA-201110-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105945?format=json","purl":"pkg:deb/debian/tor@0.2.1.29-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.1.29-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2011-0490"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-csx7-76m4-suhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177363?format=json","vulnerability_id":"VCID-d11n-jhqm-kycx","summary":"Multiple vulnerabilities have been found in Tor, allowing attackers\n    to cause Denial of Service or obtain sensitive information.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5573"},{"reference_url":"https://security.gentoo.org/glsa/201301-03","reference_id":"GLSA-201301-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105954?format=json","purl":"pkg:deb/debian/tor@0.2.3.25-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.3.25-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2012-5573"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d11n-jhqm-kycx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200424?format=json","vulnerability_id":"VCID-d1fr-szhy-cufj","summary":"Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffer overflow when elements are added to smartlists.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3409","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3409"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105933?format=json","purl":"pkg:deb/debian/tor@0.1.1.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.1.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2006-3409"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d1fr-szhy-cufj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177180?format=json","vulnerability_id":"VCID-dad1-883j-gkh2","summary":"Multiple vulnerabilities were found in Tor, the worst of which\n    could allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10592","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10592"},{"reference_url":"https://security.gentoo.org/glsa/202003-50","reference_id":"GLSA-202003-50","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-50"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105966?format=json","purl":"pkg:deb/debian/tor@0.4.2.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.2.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2020-10592"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dad1-883j-gkh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200432?format=json","vulnerability_id":"VCID-dfqx-7x8b-rkau","summary":"Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded.  NOTE: while this item is listed under the \"Security fixes\" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS.  Therefore this issue should not be included in CVE","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3416"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105933?format=json","purl":"pkg:deb/debian/tor@0.1.1.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.1.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2006-3416"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dfqx-7x8b-rkau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177181?format=json","vulnerability_id":"VCID-dsyf-955h-qqfn","summary":"Multiple vulnerabilities were found in Tor, the worst of which\n    could allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10593","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10593"},{"reference_url":"https://security.gentoo.org/glsa/202003-50","reference_id":"GLSA-202003-50","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-50"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105966?format=json","purl":"pkg:deb/debian/tor@0.4.2.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.2.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2020-10593"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dsyf-955h-qqfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200750?format=json","vulnerability_id":"VCID-dwu7-r7e4-8yb4","summary":"Tor before 0.1.2.15 does not properly distinguish \"streamids from different exits,\" which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4098"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105936?format=json","purl":"pkg:deb/debian/tor@0.1.2.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.2.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2007-4098"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dwu7-r7e4-8yb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182124?format=json","vulnerability_id":"VCID-dxju-ja8p-mqgk","summary":"Multiple vulnerabilities were found in Tor, the most severe of\n    which may allow a remote attacker to execute arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0015"},{"reference_url":"https://security.gentoo.org/glsa/201110-13","reference_id":"GLSA-201110-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105945?format=json","purl":"pkg:deb/debian/tor@0.2.1.29-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.1.29-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2011-0015"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxju-ja8p-mqgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200425?format=json","vulnerability_id":"VCID-ek7s-c96c-gfe7","summary":"Tor before 0.1.1.20 creates \"internal circuits\" primarily consisting of nodes with \"useful exit nodes,\" which allows remote attackers to conduct unspecified statistical attacks.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3410"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105933?format=json","purl":"pkg:deb/debian/tor@0.1.1.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.1.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2006-3410"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ek7s-c96c-gfe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180231?format=json","vulnerability_id":"VCID-er2z-ay7d-b7dv","summary":"Multiple vulnerabilities have been found in Tor, the worst of which\n    could result in a Denial of Service condition.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34548"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34549","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34549"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34550"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990000","reference_id":"990000","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990000"},{"reference_url":"https://security.archlinux.org/ASA-202106-50","reference_id":"ASA-202106-50","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-50"},{"reference_url":"https://security.archlinux.org/AVG-2075","reference_id":"AVG-2075","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2075"},{"reference_url":"https://security.gentoo.org/glsa/202107-25","reference_id":"GLSA-202107-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-25"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105969?format=json","purl":"pkg:deb/debian/tor@0.4.5.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2021-34548"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-er2z-ay7d-b7dv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/107662?format=json","vulnerability_id":"VCID-eym9-72k1-c7ae","summary":"A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115744","reference_id":"1115744","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115744"},{"reference_url":"https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3-alpha/20578","reference_id":"20578","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-18T20:41:11Z/"}],"url":"https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3-alpha/20578"},{"reference_url":"https://vuldb.com/?ctiid.324814","reference_id":"?ctiid.324814","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-18T20:41:11Z/"}],"url":"https://vuldb.com/?ctiid.324814"},{"reference_url":"https://vuldb.com/?id.324814","reference_id":"?id.324814","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-18T20:41:11Z/"}],"url":"https://vuldb.com/?id.324814"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes","reference_id":"ReleaseNotes","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-18T20:41:11Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes"},{"reference_url":"https://vuldb.com/?submit.640605","reference_id":"?submit.640605","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-18T20:41:11Z/"}],"url":"https://vuldb.com/?submit.640605"},{"reference_url":"https://github.com/chunmianwang/Tordos","reference_id":"Tordos","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-18T20:41:11Z/"}],"url":"https://github.com/chunmianwang/Tordos"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105975?format=json","purl":"pkg:deb/debian/tor@0.4.8.21-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.8.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105974?format=json","purl":"pkg:deb/debian/tor@0.4.9.6-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.6-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105976?format=json","purl":"pkg:deb/debian/tor@0.4.9.6-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.6-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2025-4444"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eym9-72k1-c7ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203162?format=json","vulnerability_id":"VCID-fjza-s3u2-4bge","summary":"Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7295","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7295"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105955?format=json","purl":"pkg:deb/debian/tor@0.2.4.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.4.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2013-7295"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fjza-s3u2-4bge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200751?format=json","vulnerability_id":"VCID-fnwn-fytv-b3gj","summary":"Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive information and possibly leverage further attacks.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4099"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105936?format=json","purl":"pkg:deb/debian/tor@0.1.2.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.2.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2007-4099"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnwn-fytv-b3gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200456?format=json","vulnerability_id":"VCID-g9uq-yuz9-h3ax","summary":"Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and 0.1.1.x before 0.1.1.23, and (2) ScatterChat before 1.0.2, allows remote attackers operating a Tor entry node to route arbitrary Tor traffic through clients or cause a denial of service (flood) via unspecified vectors.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4508"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105934?format=json","purl":"pkg:deb/debian/tor@0.1.1.23-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.1.23-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2006-4508"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g9uq-yuz9-h3ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202282?format=json","vulnerability_id":"VCID-gefd-f5dc-tfhn","summary":"Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2249","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2249"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105950?format=json","purl":"pkg:deb/debian/tor@0.2.3.23-rc-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.3.23-rc-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2012-2249"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gefd-f5dc-tfhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68036?format=json","vulnerability_id":"VCID-gkr8-t5vk-1fde","summary":"Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44602"},{"reference_url":"https://forum.torproject.org/c/news/tor-release-announcement/28","reference_id":"28","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:54:09Z/"}],"url":"https://forum.torproject.org/c/news/tor-release-announcement/28"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/work_items/41240","reference_id":"41240","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:54:09Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/work_items/41240"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/05/06/8","reference_id":"8","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:54:09Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/05/06/8"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/commit/df7d5174ef41814d806c8ede776e230cd30ac12b","reference_id":"df7d5174ef41814d806c8ede776e230cd30ac12b","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:54:09Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/commit/df7d5174ef41814d806c8ede776e230cd30ac12b"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2026-44602"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkr8-t5vk-1fde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173860?format=json","vulnerability_id":"VCID-gqjr-y7gf-qqdw","summary":"security update","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8820","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8820"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8821","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8821"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8822","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8822"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8823"},{"reference_url":"https://security.archlinux.org/ASA-201712-10","reference_id":"ASA-201712-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-10"},{"reference_url":"https://security.archlinux.org/AVG-539","reference_id":"AVG-539","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-539"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105963?format=json","purl":"pkg:deb/debian/tor@0.3.1.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.3.1.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2017-8823"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gqjr-y7gf-qqdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177362?format=json","vulnerability_id":"VCID-guyx-mnab-yye7","summary":"Multiple vulnerabilities have been found in Tor, allowing attackers\n    to cause Denial of Service or obtain sensitive information.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4922"},{"reference_url":"https://security.gentoo.org/glsa/201301-03","reference_id":"GLSA-201301-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105953?format=json","purl":"pkg:deb/debian/tor@0.2.3.22-rc-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.3.22-rc-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2012-4922"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-guyx-mnab-yye7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185750?format=json","vulnerability_id":"VCID-hczb-hduj-wqc2","summary":"Multiple vulnerabilities have been found in Tor, the most severe of\n    which may allow a remote attacker to execute arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2768","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2768"},{"reference_url":"https://security.gentoo.org/glsa/201201-12","reference_id":"GLSA-201201-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105947?format=json","purl":"pkg:deb/debian/tor@0.2.2.34-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.2.34-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2011-2768"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hczb-hduj-wqc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173852?format=json","vulnerability_id":"VCID-hfhh-ms72-qyds","summary":"security update","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8820","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8820"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8821","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8821"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8822","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8822"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8823"},{"reference_url":"https://security.archlinux.org/ASA-201712-10","reference_id":"ASA-201712-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-10"},{"reference_url":"https://security.archlinux.org/AVG-539","reference_id":"AVG-539","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-539"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105963?format=json","purl":"pkg:deb/debian/tor@0.3.1.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.3.1.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2017-8819"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hfhh-ms72-qyds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177361?format=json","vulnerability_id":"VCID-hqk2-4b1d-fycd","summary":"Multiple vulnerabilities have been found in Tor, allowing attackers\n    to cause Denial of Service or obtain sensitive information.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4419"},{"reference_url":"https://security.gentoo.org/glsa/201301-03","reference_id":"GLSA-201301-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105953?format=json","purl":"pkg:deb/debian/tor@0.2.3.22-rc-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.3.22-rc-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2012-4419"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hqk2-4b1d-fycd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200749?format=json","vulnerability_id":"VCID-hyuu-efdh-nybt","summary":"Tor before 0.1.2.15 sends \"destroy cells\" containing the reason for tearing down a circuit, which allows remote attackers to obtain sensitive information, contrary to specifications.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4097"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105936?format=json","purl":"pkg:deb/debian/tor@0.1.2.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.2.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2007-4097"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hyuu-efdh-nybt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185581?format=json","vulnerability_id":"VCID-j5st-pnnu-hqau","summary":"Multiple vulnerabilities in Tor might allow for heap corruption, Denial of\n    Service, escalation of privileges and information disclosure.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5398"},{"reference_url":"https://security.gentoo.org/glsa/200904-11","reference_id":"GLSA-200904-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200904-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105938?format=json","purl":"pkg:deb/debian/tor@0.2.0.32-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.0.32-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2008-5398"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j5st-pnnu-hqau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185751?format=json","vulnerability_id":"VCID-jftz-ty14-kkh7","summary":"Multiple vulnerabilities have been found in Tor, the most severe of\n    which may allow a remote attacker to execute arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2769","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2769"},{"reference_url":"https://security.gentoo.org/glsa/201201-12","reference_id":"GLSA-201201-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105947?format=json","purl":"pkg:deb/debian/tor@0.2.2.34-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.2.34-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2011-2769"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jftz-ty14-kkh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173856?format=json","vulnerability_id":"VCID-jpwv-8yqw-mbcg","summary":"security update","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8820","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8820"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8821","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8821"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8822","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8822"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8823"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105963?format=json","purl":"pkg:deb/debian/tor@0.3.1.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.3.1.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2017-8821"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jpwv-8yqw-mbcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219193?format=json","vulnerability_id":"VCID-jrs6-2pfa-kkh4","summary":"Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in opportunistic circumstances by reading log files.","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105943?format=json","purl":"pkg:deb/debian/tor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2010-0384"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jrs6-2pfa-kkh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67913?format=json","vulnerability_id":"VCID-m3pd-5xaq-pfcq","summary":"Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44600","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44600"},{"reference_url":"https://forum.torproject.org/c/news/tor-release-announcement/28","reference_id":"28","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:46:45Z/"}],"url":"https://forum.torproject.org/c/news/tor-release-announcement/28"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/work_items/41251","reference_id":"41251","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:46:45Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/work_items/41251"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/05/06/8","reference_id":"8","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:46:45Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/05/06/8"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/commit/a198185ed863677d60eec120126730628dac35bb","reference_id":"a198185ed863677d60eec120126730628dac35bb","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:46:45Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/commit/a198185ed863677d60eec120126730628dac35bb"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2026-44600"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m3pd-5xaq-pfcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115657?format=json","vulnerability_id":"VCID-mbq9-2gug-zugv","summary":"security update","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2929"},{"reference_url":"https://security.gentoo.org/glsa/201507-02","reference_id":"GLSA-201507-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201507-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105958?format=json","purl":"pkg:deb/debian/tor@0.2.5.12-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.5.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2015-2928"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbq9-2gug-zugv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185582?format=json","vulnerability_id":"VCID-mj19-xue3-qfhs","summary":"Multiple vulnerabilities in Tor might allow for heap corruption, Denial of\n    Service, escalation of privileges and information disclosure.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0414"},{"reference_url":"https://security.gentoo.org/glsa/200904-11","reference_id":"GLSA-200904-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200904-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105939?format=json","purl":"pkg:deb/debian/tor@0.2.0.33-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.0.33-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2009-0414"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mj19-xue3-qfhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201668?format=json","vulnerability_id":"VCID-mpn9-8gu5-pfc3","summary":"Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0385"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105942?format=json","purl":"pkg:deb/debian/tor@0.2.1.22-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.1.22-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2010-0385"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mpn9-8gu5-pfc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205598?format=json","vulnerability_id":"VCID-n8d3-mw5r-a7g4","summary":"A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0491"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105964?format=json","purl":"pkg:deb/debian/tor@0.3.2.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.3.2.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2018-0491"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n8d3-mw5r-a7g4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180233?format=json","vulnerability_id":"VCID-n8en-q97d-yqht","summary":"Multiple vulnerabilities have been found in Tor, the worst of which\n    could result in a Denial of Service condition.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34548"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34549","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34549"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34550"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990000","reference_id":"990000","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990000"},{"reference_url":"https://security.archlinux.org/ASA-202106-50","reference_id":"ASA-202106-50","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-50"},{"reference_url":"https://security.archlinux.org/AVG-2075","reference_id":"AVG-2075","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2075"},{"reference_url":"https://security.gentoo.org/glsa/202107-25","reference_id":"GLSA-202107-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-25"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105969?format=json","purl":"pkg:deb/debian/tor@0.4.5.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2021-34550"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n8en-q97d-yqht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112447?format=json","vulnerability_id":"VCID-nv2d-kuxv-uqeq","summary":"security update","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5117","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5117"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105956?format=json","purl":"pkg:deb/debian/tor@0.2.4.23-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.4.23-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2014-5117"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nv2d-kuxv-uqeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2255?format=json","vulnerability_id":"VCID-nwxw-m9xx-2qdq","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0376"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864424","reference_id":"864424","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864424"},{"reference_url":"https://security.archlinux.org/ASA-201706-13","reference_id":"ASA-201706-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-13"},{"reference_url":"https://security.archlinux.org/AVG-296","reference_id":"AVG-296","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-296"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105961?format=json","purl":"pkg:deb/debian/tor@0.2.9.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.9.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2017-0376"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nwxw-m9xx-2qdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202283?format=json","vulnerability_id":"VCID-nztv-3f9q-jybg","summary":"Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2250","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2250"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105951?format=json","purl":"pkg:deb/debian/tor@0.2.3.24-rc-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.3.24-rc-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2012-2250"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nztv-3f9q-jybg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200431?format=json","vulnerability_id":"VCID-p83z-ucmm-3bdf","summary":"Tor before 0.1.1.20 uses improper logic to validate the \"OR\" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3415"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105933?format=json","purl":"pkg:deb/debian/tor@0.1.1.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.1.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2006-3415"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p83z-ucmm-3bdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202128?format=json","vulnerability_id":"VCID-pnnj-qjd8-wka3","summary":"Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4894","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4894"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105947?format=json","purl":"pkg:deb/debian/tor@0.2.2.34-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.2.34-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2011-4894"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnnj-qjd8-wka3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180230?format=json","vulnerability_id":"VCID-pr43-55c3-e7g1","summary":"Multiple vulnerabilities have been found in Tor, the worst of which\n    could result in a Denial of Service condition.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28089","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28089"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28090"},{"reference_url":"https://security.archlinux.org/AVG-1699","reference_id":"AVG-1699","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1699"},{"reference_url":"https://security.gentoo.org/glsa/202107-25","reference_id":"GLSA-202107-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-25"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105968?format=json","purl":"pkg:deb/debian/tor@0.4.5.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2021-28090"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pr43-55c3-e7g1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207489?format=json","vulnerability_id":"VCID-pvfu-pq1w-s3a5","summary":"In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8955","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8955"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105965?format=json","purl":"pkg:deb/debian/tor@0.3.5.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.3.5.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2019-8955"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pvfu-pq1w-s3a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180896?format=json","vulnerability_id":"VCID-pzh6-3k6a-nbec","summary":"A flaw in Tor may allow the disclosure of arbitrary memory portions.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2050","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2050"},{"reference_url":"https://security.gentoo.org/glsa/200506-18","reference_id":"GLSA-200506-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200506-18"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105927?format=json","purl":"pkg:deb/debian/tor@0.0.9.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.0.9.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2005-2050"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pzh6-3k6a-nbec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200747?format=json","vulnerability_id":"VCID-q737-vcem-ayan","summary":"Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4096","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4096"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105936?format=json","purl":"pkg:deb/debian/tor@0.1.2.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.2.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2007-4096"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q737-vcem-ayan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2254?format=json","vulnerability_id":"VCID-qdm4-tuj6-33h5","summary":"","references":[{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/ASA-201706-13","reference_id":"ASA-201706-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-13"},{"reference_url":"https://security.archlinux.org/AVG-296","reference_id":"AVG-296","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-296"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105943?format=json","purl":"pkg:deb/debian/tor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2017-0375"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qdm4-tuj6-33h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182131?format=json","vulnerability_id":"VCID-qyqa-d7yp-nuay","summary":"Multiple vulnerabilities were found in Tor, the most severe of\n    which may allow a remote attacker to execute arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1924"},{"reference_url":"https://security.gentoo.org/glsa/201110-13","reference_id":"GLSA-201110-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105946?format=json","purl":"pkg:deb/debian/tor@0.2.1.30-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.1.30-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2011-1924"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qyqa-d7yp-nuay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67632?format=json","vulnerability_id":"VCID-r5m7-m7ur-x3cw","summary":"Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44601"},{"reference_url":"https://forum.torproject.org/c/news/tor-release-announcement/28","reference_id":"28","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:56:45Z/"}],"url":"https://forum.torproject.org/c/news/tor-release-announcement/28"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/work_items/41237","reference_id":"41237","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:56:45Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/work_items/41237"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/05/06/8","reference_id":"8","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:56:45Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/05/06/8"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/commit/d4e3f6a440b58c2be661decf20c09548704907dc","reference_id":"d4e3f6a440b58c2be661decf20c09548704907dc","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:56:45Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/commit/d4e3f6a440b58c2be661decf20c09548704907dc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2026-44601"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r5m7-m7ur-x3cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185580?format=json","vulnerability_id":"VCID-rgsf-s3ka-kygg","summary":"Multiple vulnerabilities in Tor might allow for heap corruption, Denial of\n    Service, escalation of privileges and information disclosure.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5397","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5397"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505178","reference_id":"505178","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505178"},{"reference_url":"https://security.gentoo.org/glsa/200904-11","reference_id":"GLSA-200904-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200904-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105938?format=json","purl":"pkg:deb/debian/tor@0.2.0.32-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.0.32-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2008-5397"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgsf-s3ka-kygg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200428?format=json","vulnerability_id":"VCID-saut-c9tu-gbeq","summary":"Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3412"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105933?format=json","purl":"pkg:deb/debian/tor@0.1.1.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.1.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2006-3412"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-saut-c9tu-gbeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182125?format=json","vulnerability_id":"VCID-sgdw-ua17-1ydu","summary":"Multiple vulnerabilities were found in Tor, the most severe of\n    which may allow a remote attacker to execute arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0016","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0016"},{"reference_url":"https://security.gentoo.org/glsa/201110-13","reference_id":"GLSA-201110-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105945?format=json","purl":"pkg:deb/debian/tor@0.2.1.29-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.1.29-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2011-0016"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sgdw-ua17-1ydu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202130?format=json","vulnerability_id":"VCID-swje-vwrs-53h5","summary":"Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4895"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105947?format=json","purl":"pkg:deb/debian/tor@0.2.2.34-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.2.34-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2011-4895"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swje-vwrs-53h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175992?format=json","vulnerability_id":"VCID-trxm-6z2j-uqha","summary":"Multiple vulnerabilities were found in Tor, the worst of which\n    could allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8860"},{"reference_url":"https://security.gentoo.org/glsa/201612-45","reference_id":"GLSA-201612-45","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-45"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105960?format=json","purl":"pkg:deb/debian/tor@0.2.8.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.8.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2016-8860"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-trxm-6z2j-uqha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182130?format=json","vulnerability_id":"VCID-twyq-nzs1-vfdm","summary":"Multiple vulnerabilities were found in Tor, the most severe of\n    which may allow a remote attacker to execute arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0493"},{"reference_url":"https://security.gentoo.org/glsa/201110-13","reference_id":"GLSA-201110-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105945?format=json","purl":"pkg:deb/debian/tor@0.2.1.29-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.1.29-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2011-0493"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twyq-nzs1-vfdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/130418?format=json","vulnerability_id":"VCID-u8gh-rbbr-k3h4","summary":"The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23589","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23589"},{"reference_url":"https://security.gentoo.org/glsa/202305-11","reference_id":"202305-11","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:13:18Z/"}],"url":"https://security.gentoo.org/glsa/202305-11"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/issues/40730","reference_id":"40730","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:13:18Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/issues/40730"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/commit/a282145b3634547ab84ccd959d0537c021ff7ffc","reference_id":"a282145b3634547ab84ccd959d0537c021ff7ffc","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:13:18Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/commit/a282145b3634547ab84ccd959d0537c021ff7ffc"},{"reference_url":"https://www.debian.org/security/2023/dsa-5320","reference_id":"dsa-5320","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:13:18Z/"}],"url":"https://www.debian.org/security/2023/dsa-5320"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYOLTP6HQO2HPXUYKOR7P5YYYN7CINQQ/","reference_id":"IYOLTP6HQO2HPXUYKOR7P5YYYN7CINQQ","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:13:18Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYOLTP6HQO2HPXUYKOR7P5YYYN7CINQQ/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00026.html","reference_id":"msg00026.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:13:18Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00026.html"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.7/ReleaseNotes","reference_id":"ReleaseNotes","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:13:18Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.7/ReleaseNotes"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMY4FWXYKP3MDXTZ3EJ7XJVGBCKBK2XL/","reference_id":"ZMY4FWXYKP3MDXTZ3EJ7XJVGBCKBK2XL","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:13:18Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMY4FWXYKP3MDXTZ3EJ7XJVGBCKBK2XL/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105973?format=json","purl":"pkg:deb/debian/tor@0.4.7.13-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.7.13-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2023-23589"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u8gh-rbbr-k3h4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184650?format=json","vulnerability_id":"VCID-ufaf-nejn-qug6","summary":"Tor is vulnerable to a possible buffer overflow, a Denial of Service,\n    information disclosure and information leak.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0414"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349283","reference_id":"349283","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349283"},{"reference_url":"https://security.gentoo.org/glsa/200606-04","reference_id":"GLSA-200606-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200606-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105932?format=json","purl":"pkg:deb/debian/tor@0.1.1.11-alpha-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.1.11-alpha-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2006-0414"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ufaf-nejn-qug6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173858?format=json","vulnerability_id":"VCID-ug5p-646z-sbak","summary":"security update","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8820","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8820"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8821","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8821"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8822","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8822"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8823"},{"reference_url":"https://security.archlinux.org/ASA-201712-10","reference_id":"ASA-201712-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-10"},{"reference_url":"https://security.archlinux.org/AVG-539","reference_id":"AVG-539","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-539"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105963?format=json","purl":"pkg:deb/debian/tor@0.3.1.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.3.1.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2017-8822"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ug5p-646z-sbak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202132?format=json","vulnerability_id":"VCID-ujwz-1c2p-93a4","summary":"Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4897"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105949?format=json","purl":"pkg:deb/debian/tor@0.2.2.27-beta-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.2.27-beta-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2011-4897"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ujwz-1c2p-93a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185586?format=json","vulnerability_id":"VCID-v8b4-yw37-nbh8","summary":"Multiple vulnerabilities in Tor might allow for heap corruption, Denial of\n    Service, escalation of privileges and information disclosure.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0939","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0939"},{"reference_url":"https://security.gentoo.org/glsa/200904-11","reference_id":"GLSA-200904-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200904-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105940?format=json","purl":"pkg:deb/debian/tor@0.2.0.34-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.0.34-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2009-0939"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v8b4-yw37-nbh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180232?format=json","vulnerability_id":"VCID-vgex-yk5v-mff3","summary":"Multiple vulnerabilities have been found in Tor, the worst of which\n    could result in a Denial of Service condition.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34548"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34549","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34549"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34550"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990000","reference_id":"990000","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990000"},{"reference_url":"https://security.archlinux.org/ASA-202106-50","reference_id":"ASA-202106-50","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-50"},{"reference_url":"https://security.archlinux.org/AVG-2075","reference_id":"AVG-2075","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2075"},{"reference_url":"https://security.gentoo.org/glsa/202107-25","reference_id":"GLSA-202107-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-25"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105969?format=json","purl":"pkg:deb/debian/tor@0.4.5.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2021-34549"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgex-yk5v-mff3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173854?format=json","vulnerability_id":"VCID-vmsw-av9k-huee","summary":"security update","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8820","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8820"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8821","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8821"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8822","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8822"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8823"},{"reference_url":"https://security.archlinux.org/ASA-201712-10","reference_id":"ASA-201712-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-10"},{"reference_url":"https://security.archlinux.org/AVG-539","reference_id":"AVG-539","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-539"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105963?format=json","purl":"pkg:deb/debian/tor@0.3.1.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.3.1.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2017-8820"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vmsw-av9k-huee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2258?format=json","vulnerability_id":"VCID-w2ef-gdsu-ffhc","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0380"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876221","reference_id":"876221","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876221"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105962?format=json","purl":"pkg:deb/debian/tor@0.3.1.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.3.1.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2017-0380"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w2ef-gdsu-ffhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185752?format=json","vulnerability_id":"VCID-w4ek-z4qw-yyf6","summary":"Multiple vulnerabilities have been found in Tor, the most severe of\n    which may allow a remote attacker to execute arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2778"},{"reference_url":"https://security.gentoo.org/glsa/201201-12","reference_id":"GLSA-201201-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105948?format=json","purl":"pkg:deb/debian/tor@0.2.2.35-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.2.35-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2011-2778"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4ek-z4qw-yyf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67898?format=json","vulnerability_id":"VCID-w8ka-vkct-a3e1","summary":"Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44597"},{"reference_url":"https://forum.torproject.org/c/news/tor-release-announcement/28","reference_id":"28","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:11:47Z/"}],"url":"https://forum.torproject.org/c/news/tor-release-announcement/28"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/work_items/41254","reference_id":"41254","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:11:47Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/work_items/41254"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/05/06/8","reference_id":"8","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:11:47Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/05/06/8"},{"reference_url":"https://gitlab.torproject.org/tpo/core/tor/-/commit/8f98054b1982d00a14639864d03e9afd90b87481","reference_id":"8f98054b1982d00a14639864d03e9afd90b87481","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:11:47Z/"}],"url":"https://gitlab.torproject.org/tpo/core/tor/-/commit/8f98054b1982d00a14639864d03e9afd90b87481"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2026-44597"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w8ka-vkct-a3e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201478?format=json","vulnerability_id":"VCID-wgfb-hje4-zkbk","summary":"The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors.  NOTE: some of these details are obtained from third party information.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2426"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537148","reference_id":"537148","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105941?format=json","purl":"pkg:deb/debian/tor@0.2.0.35-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.0.35-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2009-2426"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wgfb-hje4-zkbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200422?format=json","vulnerability_id":"VCID-wpjh-kkkr-r3ar","summary":"Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3407"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105933?format=json","purl":"pkg:deb/debian/tor@0.1.1.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.1.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2006-3407"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wpjh-kkkr-r3ar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180655?format=json","vulnerability_id":"VCID-wt2a-g3j8-7ucm","summary":"Multiple vulnerabilities have been found in Tor, the worst of which could result in denial of service.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38385"},{"reference_url":"https://security.archlinux.org/AVG-2302","reference_id":"AVG-2302","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2302"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105971?format=json","purl":"pkg:deb/debian/tor@0.4.5.10-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.10-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105970?format=json","purl":"pkg:deb/debian/tor@0.4.5.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2021-38385"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wt2a-g3j8-7ucm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180656?format=json","vulnerability_id":"VCID-wxj5-3578-hyct","summary":"Multiple vulnerabilities have been found in Tor, the worst of which could result in denial of service.","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105943?format=json","purl":"pkg:deb/debian/tor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105972?format=json","purl":"pkg:deb/debian/tor@0.4.7.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.7.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2022-33903"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wxj5-3578-hyct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2256?format=json","vulnerability_id":"VCID-xbzk-7r2q-2ug9","summary":"","references":[{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/ASA-201707-8","reference_id":"ASA-201707-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-8"},{"reference_url":"https://security.archlinux.org/AVG-336","reference_id":"AVG-336","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-336"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105943?format=json","purl":"pkg:deb/debian/tor@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2017-0377"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xbzk-7r2q-2ug9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200426?format=json","vulnerability_id":"VCID-yahf-ju5h-1bdx","summary":"TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3411"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105933?format=json","purl":"pkg:deb/debian/tor@0.1.1.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.1.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2006-3411"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yahf-ju5h-1bdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202131?format=json","vulnerability_id":"VCID-ynjr-6hzj-d3hz","summary":"Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4896","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4896"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105949?format=json","purl":"pkg:deb/debian/tor@0.2.2.27-beta-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.2.27-beta-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2011-4896"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ynjr-6hzj-d3hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200761?format=json","vulnerability_id":"VCID-ynty-4qge-5yaf","summary":"Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4174","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4174"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105937?format=json","purl":"pkg:deb/debian/tor@0.1.2.16-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.1.2.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2007-4174"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ynty-4qge-5yaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115658?format=json","vulnerability_id":"VCID-z3h7-br8c-17dk","summary":"security update","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2929"},{"reference_url":"https://security.gentoo.org/glsa/201507-02","reference_id":"GLSA-201507-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201507-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105958?format=json","purl":"pkg:deb/debian/tor@0.2.5.12-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.2.5.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2015-2929"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z3h7-br8c-17dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207753?format=json","vulnerability_id":"VCID-zdqy-838u-dqgh","summary":"Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15572"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105967?format=json","purl":"pkg:deb/debian/tor@0.4.3.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.3.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105928?format=json","purl":"pkg:deb/debian/tor@0.4.5.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4x3c-qh4m-xbeq"},{"vulnerability":"VCID-54t7-dh1e-n3f8"},{"vulnerability":"VCID-eym9-72k1-c7ae"},{"vulnerability":"VCID-gkr8-t5vk-1fde"},{"vulnerability":"VCID-m3pd-5xaq-pfcq"},{"vulnerability":"VCID-r5m7-m7ur-x3cw"},{"vulnerability":"VCID-w8ka-vkct-a3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.5.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105926?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105930?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105929?format=json","purl":"pkg:deb/debian/tor@0.4.9.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-1%3Fdistro=trixie"}],"aliases":["CVE-2020-15572"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zdqy-838u-dqgh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tor@0.4.9.8-0%252Bdeb12u1%3Fdistro=trixie"}