Page 14 of 84 results (0.011 seconds)

CVSS: 5.0EPSS: 2%CPEs: 37EXPL: 0

The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images. El plugin para el protocolo XMPP en libpurple en Pidgin anterior a v2.6.2 no maneja adecuadamente un error en la trama IQ (petición de información) durante un intento de traer un smiley personalizado, permitiendo a atacantes remotos provocar una denegación de servicio (fin de la aplicación) mediante contenido XHTML-IM con imagenes "cid:". • http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8 http://secunia.com/advisories/36601 http://www.pidgin.im/news/security/index.php?id=37 http://www.securityfocus.com/bid/36277 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434 https://access.redhat.com/security/cve/CVE-2009-3085 https://bugzilla.redhat.com/show_bug.cgi?id=521853 • CWE-476: NULL Pointer Dereference •

CVSS: 5.0EPSS: 4%CPEs: 37EXPL: 0

The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client. La función msn_slp_sip_recv de libpurple/protocols/msn/slp.c en el "plugin" (complemento) del protocolo MSN de libpurple de Pidgin en sus versiones anteriores a la v2.6.2 permite a atacantes remotos provocar una denegación de servicio (resolución de una referencia a puntero NULL y caída de la aplicación) a través de un mensaje SLP invite que carece de determinados campos obligatorios, tal como se ha demostrado con un mensaje mal formado desde un cliente KMess. • http://developer.pidgin.im/ticket/10159 http://developer.pidgin.im/viewmtn/revision/diff/6d3fc30a0a0a379281efc5a6872a9c1d7c24c650/with/b4a95ea62b81a06ffc1993912471c511b786efdd/libpurple/protocols/msn/slp.c http://developer.pidgin.im/viewmtn/revision/info/b4a95ea62b81a06ffc1993912471c511b786efdd http://secunia.com/advisories/36601 http://www.pidgin.im/news/security/index.php?id=39 http://www.securityfocus.com/bid/36277 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852 https://oval.cisec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •

CVSS: 5.0EPSS: 0%CPEs: 37EXPL: 0

libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string. libpurple/protocols/irc/msgs.c en el complemento (plugin) de protocolo IRC de libpurple en Pidgin v2.6.2 permite causar a servidores IRC remotos para una denegación de servicio (mediante una desreferencia a puntero NULL y caida de la aplicación) a través de un mensaje TOPIC que carece de una cadena de asunto. • http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3 http://secunia.com/advisories/36601 http://www.pidgin.im/news/security/index.php?id=40 http://www.securityfocus.com/bid/36277 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435 https://access.redhat.com/security/cve/CVE-2009-2703 https://bugzilla.redhat.com/show_bug.cgi?id=521823 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions. protocols/jabber/auth.c en libpurple en Pidgin v2.6.0, y posiblemente otras versiones, no siguen las preferencias "requeridas en TSL/SSL" cuando se conectan a un servidor Jabber viejo, que no siguen las especificaciones XMPP, lo que provoca que libpurple se conecte al servidor sin el cifrado esperado y permita a atacantes remotos poder espíar la sesión. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891 http://developer.pidgin.im/ticket/8131 http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279 http://secunia.com/advisories/37071 http://www.openwall.com/lists/oss-security/2009/08/24/2 http://www.securityfocus.com/bid/36368 https://exchange.xforce.ibmcloud.com/vulnerabilities/53000 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070 https • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM. Vulnerabilidad no específica en Pidgin v2.6.0 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un enlace en Yahoo IM. • http://developer.pidgin.im/wiki/ChangeLog http://www.openwall.com/lists/oss-security/2009/08/19/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/52994 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6167 •