CVSS: 5.8EPSS: 3%CPEs: 5EXPL: 1CVE-2016-4323 – Gentoo Linux Security Advisory 201701-38
https://notcve.org/view.php?id=CVE-2016-4323
12 Jul 2016 — A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability. Exste un salto de directorio en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados desde el servidor podrían resultar potencialmente en una sobreescritura... • http://www.debian.org/security/2016/dsa-3620 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.4EPSS: 1%CPEs: 17EXPL: 0CVE-2014-3694 – pidgin: SSL/TLS plug-ins failed to check Basic Constraints
https://notcve.org/view.php?id=CVE-2014-3694
24 Oct 2014 — The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. (1) El plugin bundled GnuTLS SSL/TLS y (2) el plugin bundled OpenSSL SSL/TLS en libpurple en Pidgin anterior a 2.10.10 no consideran debidamente la extensión ... • http://hg.pidgin.im/pidgin/main/rev/2e4475087f04 • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 2%CPEs: 10EXPL: 0CVE-2014-3695 – pidgin: crash in Mxit protocol plug-in
https://notcve.org/view.php?id=CVE-2014-3695
24 Oct 2014 — markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response. markup.c en el plugin de protocolo MXit en libpurple en Pidgin anterior a 2.10.10 permite a servidores remotos causar una denegación de servicio (caída de aplicación) a través de un valor grande de longitud en una respuesta emoticon. A denial of service flaw was found in the way Pidgin's Mxit plug-in handled emotic... • http://hg.pidgin.im/pidgin/main/rev/6436e14bdb9d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 2%CPEs: 10EXPL: 0CVE-2014-3696 – pidgin: denial of service parsing Groupwise server message
https://notcve.org/view.php?id=CVE-2014-3696
24 Oct 2014 — nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation. nmevent.c en el plugin del protocolo Novell GroupWise en libpurple en Pidgin anterior a 2.10.10 permite a servidores remotos causar una denegación de servicio (caída de aplicación) a través de un mensaje del servidor manipulado que provoca una reserva grande de memoria. A denial of ... • http://hg.pidgin.im/pidgin/main/rev/44fd89158777 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-3697 – Slackware Security Advisory - pidgin Updates
https://notcve.org/view.php?id=CVE-2014-3697
24 Oct 2014 — Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme. Vulnerabilidad de salto de ruta absoluta en la función untar_block en win32/untar.c en Pidgin anterior a 2.10.10 en Windows permite a atacantes remotos escribir a ficheros arbitrarios a través de un nombre drive en un archivo tar de un tema smiley. New pidgin packages are available for S... • http://hg.pidgin.im/pidgin/main/rev/68b8eb10977f • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 1%CPEs: 10EXPL: 0CVE-2014-3698 – pidgin: remote information leak via crafted XMPP message
https://notcve.org/view.php?id=CVE-2014-3698
24 Oct 2014 — The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message. La función jabber_idn_validate en jutil.c en el plugin de protocolo Jabber en libpurple en Pidgin anterior a 2.10.10 permite a atacantes remotos obtener información sensible de la memoria de procesos a través de un mensaje XMPP manipulado. An information disclosure flaw was discovered in the way... • http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.5EPSS: 1%CPEs: 53EXPL: 0CVE-2013-6477 – pidgin: DoS when handling timestamps in the XMPP plugin
https://notcve.org/view.php?id=CVE-2013-6477
04 Feb 2014 — Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message. Múltiples errores de signo de enteros en libpurple en Pidgin anterior a 2.10.8 permiten a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un valor timestamp manipulado en un mensaje XMPP. The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validat... • http://hg.pidgin.im/pidgin/main/rev/852014ae74a0 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 3%CPEs: 53EXPL: 0CVE-2013-6478 – pidgin: DoS when rendering long URLs
https://notcve.org/view.php?id=CVE-2013-6478
04 Feb 2014 — gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip. gtkimhtml.c en Pidgin anterior a 2.10.8 no interactua debidamente con la librería subyacente de soporte para un amplio número de diseños de Pango, lo que permite a atacantes remotos asistidos por usuario causar una denegación de servicio (caída de la a... • http://hg.pidgin.im/pidgin/main/rev/2bb66ef1475e • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 53EXPL: 0CVE-2013-6479 – pidgin: DoS when parsing certain HTTP response headers
https://notcve.org/view.php?id=CVE-2013-6479
04 Feb 2014 — util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response. util.c en libpurple en Pidgin anterior a 2.10.8 no reserva correctamente la memoria para las respuestas HTTP que son inconsistentes con la cabecera Content-Length, lo que permite a servidores HTTP remotos causar una denegación de servicio (caída de la apl... • http://hg.pidgin.im/pidgin/main/rev/cd529e1158d3 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 53EXPL: 0CVE-2013-6481 – pidgin: DoS caused due to OOB read in Yahoo protocol plugin
https://notcve.org/view.php?id=CVE-2013-6481
04 Feb 2014 — libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read. libpurple/protocols/yahoo/libymsg.c en Pidgin anterior a 2.10.8 permite a atacantes remotos causar una denegación de servicio (caída) a través de un mensaje Yahoo! P2P con un campo "length" manipulado, lo que provoca una sobre-lectura del buffer. The Yahoo! protocol plugin in libpurple in Pidgin befor... • http://hg.pidgin.im/pidgin/main/rev/4d139ce8f7ec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •