Filtered by vendor Pidgin
Subscribe
Total
90 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1374 | 1 Pidgin | 1 Pidgin | 2024-11-21 | 5.0 MEDIUM | N/A |
Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. | |||||
CVE-2009-1373 | 1 Pidgin | 1 Pidgin | 2024-11-21 | 7.1 HIGH | N/A |
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-3532 | 1 Pidgin | 1 Pidgin | 2024-11-21 | 6.8 MEDIUM | N/A |
The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. | |||||
CVE-2008-2957 | 1 Pidgin | 1 Pidgin | 2024-11-21 | 6.4 MEDIUM | N/A |
The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. | |||||
CVE-2008-2956 | 1 Pidgin | 1 Pidgin | 2024-11-21 | 5.0 MEDIUM | N/A |
Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: "I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details." | |||||
CVE-2008-2955 | 1 Pidgin | 1 Pidgin | 2024-11-21 | 4.3 MEDIUM | N/A |
Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. | |||||
CVE-2008-2927 | 2 Adium, Pidgin | 2 Adium, Pidgin | 2024-11-21 | 6.8 MEDIUM | N/A |
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955. | |||||
CVE-2007-4999 | 1 Pidgin | 1 Pidgin | 2024-11-21 | 4.3 MEDIUM | N/A |
libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996. | |||||
CVE-2007-4996 | 1 Pidgin | 1 Pidgin | 2024-11-21 | 4.3 MEDIUM | N/A |
libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location." | |||||
CVE-2007-3841 | 1 Pidgin | 1 Pidgin | 2024-11-21 | 9.0 HIGH | N/A |
Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. |