Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
otr vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2016-9107
The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote malicious users to obtain sensitive information via unspecified vectors.
Otr Gajim-otr -
668
VMScore
CVE-2012-2369
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin prior to 3.2.1 for Pidgin might allow remote malicious users to execute arbitrary code via format string specifiers in data that generates a log mess...
Cypherpunks Pidgin-otr
890
VMScore
CVE-2015-8833
Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin prior to 4.0.2 for Pidgin allows remote malicious users to execute arbitrary code via vectors related to the "Authenticate buddy" menu ...
Cypherpunks Pidgin-otr
215
VMScore
CVE-2012-1257
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.
Pidgin Pidgin 2.10.0
1 EDB exploit
755
VMScore
CVE-2016-2851
Integer overflow in proto.c in libotr prior to 4.1.1 on 64-bit platforms allows remote malicious users to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Cypherpunks Libotr
1 EDB exploit
312
VMScore
CVE-2016-10376
Gajim up to and including 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.
Gajim Gajim
383
VMScore
CVE-2012-3461
The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr prior to 3.2.1 allocates a zero-length buffer when decoding a base64 string, which al...
Cypherpunks Libotr 3.1.0
Cypherpunks Libotr
383
VMScore
CVE-2017-2448
An issue exists in certain Apple products. iOS prior to 10.3 is affected. macOS prior to 10.12.4 is affected. tvOS prior to 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle malicious users to bypass an iCloud Keychain secret pro...
Apple Mac Os X
Apple Watchos
Apple Tvos
Apple Iphone Os
1 Article
392
VMScore
CVE-2021-29949
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, ...
Mozilla Thunderbird
890
VMScore
CVE-2016-1037
Adobe Reader and Acrobat prior to 11.0.16, Acrobat and Acrobat Reader DC Classic prior to 15.006.30172, and Acrobat and Acrobat Reader DC Continuous prior to 15.016.20039 on Windows and OS X allow malicious users to execute arbitrary code or cause a denial of service (memory corr...
Adobe Acrobat Dc
Adobe Acrobat
Adobe Acrobat Reader Dc
Adobe Reader
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »