Vulmon
otr vulnerabilities and exploits
7.5
CVSSv3
CVE-2016-9107
The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote malicious users to obtain sensitive information via unspecified vectors.
Otr Gajim-otr -
NA
CVE-2012-2369
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin prior to 3.2.1 for Pidgin might allow remote malicious users to execute arbitrary code via format string specifiers in data that generates a log mess...
Cypherpunks Pidgin-otr
9.8
CVSSv3
CVE-2015-8833
Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin prior to 4.0.2 for Pidgin allows remote malicious users to execute arbitrary code via vectors related to the "Authenticate buddy" menu ...
Cypherpunks Pidgin-otr
5.5
CVSSv3
CVE-2012-1257
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.
Pidgin Pidgin 2.10.0
1 EDB exploit
9.8
CVSSv3
CVE-2016-2851
Integer overflow in proto.c in libotr prior to 4.1.1 on 64-bit platforms allows remote malicious users to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Cypherpunks Libotr
1 EDB exploit
4.5
CVSSv3
CVE-2016-10376
Gajim up to and including 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.
Gajim Gajim
NA
CVE-2012-3461
The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr prior to 3.2.1 allocates a zero-length buffer when decoding a base64 string, which al...
Cypherpunks Libotr 3.1.0
Cypherpunks Libotr
5.9
CVSSv3
CVE-2017-2448
An issue exists in certain Apple products. iOS prior to 10.3 is affected. macOS prior to 10.12.4 is affected. tvOS prior to 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle malicious users to bypass an iCloud Keychain secret pro...
Apple Mac Os X
Apple Watchos
Apple Tvos
Apple Iphone Os
1 Article
7.8
CVSSv3
CVE-2021-29949
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, ...
Mozilla Thunderbird
7.5
CVSSv3
CVE-2019-17596
Go prior to 1.12.11 and 1.3.x prior to 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Golang Go
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Enterprise Linux 8.0
Redhat Developer Tools 1.0
Redhat Enterprise Linux Server 8.1
Opensuse Leap 15.0
Opensuse Leap 15.1
Arista Mos
Arista Eos
Arista Cloudvision Portal 2019.1.2
Arista Cloudvision Portal 2019.1.1
Arista Cloudvision Portal 2019.1.0
Arista Cloudvision Portal
Arista Terminattr
1 Github repository