
CVSS: 7.1 | EPSS: 4% | CPEs: 21 | EXPL: 0

Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.

http://debian.org/security/2009/dsa-1805
http://secunia.com/advisories/35188
http://secunia.com/advisories/35194
http://secunia.com/advisories/35202
http://secunia.com/advisories/35215
http://secunia.com/advisories/35294
http://secunia.com/advisories/35329
http://secunia.com/advisories/35330
http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:140
http://www.mandriva.com/security/advisories?name=MDVSA-2009:17

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.0 | EPSS: 12% | CPEs: 21 | EXPL: 0

The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol.

http://debian.org/security/2009/dsa-1805
http://osvdb.org/54649
http://secunia.com/advisories/35188
http://secunia.com/advisories/35194
http://secunia.com/advisories/35202
http://secunia.com/advisories/35215
http://secunia.com/advisories/35294
http://secunia.com/advisories/35329
http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:173
http://www.pidgin.im/news/security/?id=31
http://www.redhat…

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 | EPSS: 26% | CPEs: 9 | EXPL: 1

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library.

https://www.exploit-db.com/exploits/9615
http://debian.org/security/2009/dsa-1805
http://secunia.com/advisories/35188
http://secunia.com/advisories/35194
http://secunia.com/advisories/35202
http://secunia.com/advisories/35215
http://secunia.com/advisories/35294
http://secunia.com/advisories/35329
http://secunia.com/advisories/35330
http://secunia.com/advisories/37071
http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
http://www.mandriva.com/security/advisories…

CWE-189: Numeric Errors

CVSS: 6.8 | EPSS: 1% | CPEs: 1 | EXPL: 1

The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434
http://developer.pidgin.im/attachment/ticket/6500/nss-cert-verify.patch
http://developer.pidgin.im/attachment/ticket/6500/nss_add_rev.patch
http://developer.pidgin.im/ticket/6500
http://secunia.com/advisories/31390
http://secunia.com/advisories/32859
http://secunia.com/advisories/33102
http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2009:025
http://www

CWE-310: Cryptographic Issues