Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
otr vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-9107
The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote malicious users to obtain sensitive information via unspecified vectors.
Otr Gajim-otr -
NA
CVE-2012-2369
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin prior to 3.2.1 for Pidgin might allow remote malicious users to execute arbitrary code via format string specifiers in data that generates a log mess...
Cypherpunks Pidgin-otr
9.8
CVSSv3
CVE-2015-8833
Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin prior to 4.0.2 for Pidgin allows remote malicious users to execute arbitrary code via vectors related to the "Authenticate buddy" menu ...
Cypherpunks Pidgin-otr
5.5
CVSSv3
CVE-2012-1257
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.
Pidgin Pidgin 2.10.0
1 EDB exploit
9.8
CVSSv3
CVE-2016-2851
Integer overflow in proto.c in libotr prior to 4.1.1 on 64-bit platforms allows remote malicious users to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Cypherpunks Libotr
1 EDB exploit
4.5
CVSSv3
CVE-2016-10376
Gajim up to and including 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.
Gajim Gajim
NA
CVE-2012-3461
The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr prior to 3.2.1 allocates a zero-length buffer when decoding a base64 string, which al...
Cypherpunks Libotr 3.1.0
Cypherpunks Libotr
5.9
CVSSv3
CVE-2017-2448
An issue exists in certain Apple products. iOS prior to 10.3 is affected. macOS prior to 10.12.4 is affected. tvOS prior to 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle malicious users to bypass an iCloud Keychain secret pro...
Apple Mac Os X
Apple Watchos
Apple Tvos
Apple Iphone Os
1 Article
7.8
CVSSv3
CVE-2021-29949
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, ...
Mozilla Thunderbird
9.8
CVSSv3
CVE-2016-1037
Adobe Reader and Acrobat prior to 11.0.16, Acrobat and Acrobat Reader DC Classic prior to 15.006.30172, and Acrobat and Acrobat Reader DC Continuous prior to 15.016.20039 on Windows and OS X allow malicious users to execute arbitrary code or cause a denial of service (memory corr...
Adobe Acrobat Dc
Adobe Acrobat
Adobe Acrobat Reader Dc
Adobe Reader
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »