
CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891
• http://developer.pidgin.im/ticket/8131
• http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279
• http://secunia.com/advisories/37071
• http://www.openwall.com/lists/oss-security/2009/08/24/2
• http://www.securityfocus.com/bid/36368
• https://exchange.xforce.ibmcloud.com/vulnerabilities/53000
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070
• https
• CWE-310: Cryptographic Issues

CVSS: 10.0 • EPSS: 12% • CPEs: 29 • EXPL: 3

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
• https://www.exploit-db.com/exploits/9615
• http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e
• http://developer.pidgin.im/wiki/ChangeLog
• http://secunia.com/advisories/36384
• http://secunia.com/advisories/36392
• http://secunia.com/advisories/36401
• http://secunia.com/advisories/36402
• http://secunia.com/advisories/36708
• http://secunia.com/advisories/37071
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1
• http://www.coresecurity.com/content/lib
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-399: Resource Management Errors

CVSS: 5.0 • EPSS: 5% • CPEs: 26 • EXPL: 0

The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory.
• http://developer.pidgin.im/ticket/9483
• http://pidgin.im/pipermail/devel/2009-May/008227.html
• http://secunia.com/advisories/35693
• http://secunia.com/advisories/35697
• http://secunia.com/advisories/35706
• http://secunia.com/advisories/37071
• http://www.redhat.com/support/errata/RHSA-2009-1139.html
• http://www.securityfocus.com/bid/35530
• http://www.ubuntu.com/usn/USN-796-1
• http://www.vupen.com/english/advisories/2009/1749
• https://bugzilla.redhat.com/show_bug.cgi?id=5
• CWE-399: Resource Management Errors

CVSS: 5.0 • EPSS: 11% • CPEs: 21 • EXPL: 0

Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.
• http://secunia.com/advisories/35188
• http://secunia.com/advisories/35194
• http://secunia.com/advisories/35202
• http://secunia.com/advisories/35294
• http://secunia.com/advisories/35329
• http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:173
• http://www.pidgin.im/news/security/?id=30
• http://www.redhat.com/support/errata/RHSA-2009-1060.html
• http://www.securityfocus.com/bid/35067
• http://www.ubuntu.com/usn
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.1 • EPSS: 4% • CPEs: 21 • EXPL: 0

Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.
• http://debian.org/security/2009/dsa-1805
• http://secunia.com/advisories/35188
• http://secunia.com/advisories/35194
• http://secunia.com/advisories/35202
• http://secunia.com/advisories/35215
• http://secunia.com/advisories/35294
• http://secunia.com/advisories/35329
• http://secunia.com/advisories/35330
• http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:140
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:17
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer