Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
otr vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-9107
The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote malicious users to obtain sensitive information via unspecified vectors.
Otr Gajim-otr -
9.8
CVSSv3
CVE-2015-8833
Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin prior to 4.0.2 for Pidgin allows remote malicious users to execute arbitrary code via vectors related to the "Authenticate buddy" menu ...
Cypherpunks Pidgin-otr
NA
CVE-2012-2369
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin prior to 3.2.1 for Pidgin might allow remote malicious users to execute arbitrary code via format string specifiers in data that generates a log mess...
Cypherpunks Pidgin-otr
5.5
CVSSv3
CVE-2012-1257
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.
Pidgin Pidgin 2.10.0
1 EDB exploit
9.8
CVSSv3
CVE-2016-2851
Integer overflow in proto.c in libotr prior to 4.1.1 on 64-bit platforms allows remote malicious users to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Cypherpunks Libotr
1 EDB exploit
4.5
CVSSv3
CVE-2016-10376
Gajim up to and including 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.
Gajim Gajim
NA
CVE-2012-3461
The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr prior to 3.2.1 allocates a zero-length buffer when decoding a base64 string, which al...
Cypherpunks Libotr 3.1.0
Cypherpunks Libotr
5.9
CVSSv3
CVE-2017-2448
An issue exists in certain Apple products. iOS prior to 10.3 is affected. macOS prior to 10.12.4 is affected. tvOS prior to 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle malicious users to bypass an iCloud Keychain secret pro...
Apple Mac Os X
Apple Watchos
Apple Tvos
Apple Iphone Os
1 Article
7.8
CVSSv3
CVE-2021-29949
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, ...
Mozilla Thunderbird
9.8
CVSSv3
CVE-2016-1037
Adobe Reader and Acrobat prior to 11.0.16, Acrobat and Acrobat Reader DC Classic prior to 15.006.30172, and Acrobat and Acrobat Reader DC Continuous prior to 15.016.20039 on Windows and OS X allow malicious users to execute arbitrary code or cause a denial of service (memory corr...
Adobe Acrobat Dc
Adobe Acrobat
Adobe Acrobat Reader Dc
Adobe Reader
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »