CVE-2021-39246

MEDIUM Year: 2021
CVSS v3 Score
6.1
Medium
CVSS v2 Score
3.6
Low
Weakness Type
CWE-532
View all →

Vulnerability Description

Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network).

Related Vulnerabilities

CVE-2019-11271

MEDIUM
CVSS:6.0(Medium)

Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may...

CWE-5322019

CVE-2019-19756

MEDIUM
CVSS:6.0(Medium)

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear te...

CWE-5322019

CVE-2025-2002

MEDIUM
CVSS:6.0(Medium)

CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in d...

CWE-5322025

CVE-2017-5137

MEDIUM
CVSS:6.2(Medium)

An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective.

CWE-5322017

CVE-2021-20536

MEDIUM
CVSS:6.2(Medium)

IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836.

CWE-5322021

CVE-2023-40694

MEDIUM
CVSS:6.2(Medium)

IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838.

CWE-5322023