
CVE-2013-6483 – pidgin: Possible spoofing using iq replies in XMPP protocol plugin
https://notcve.org/view.php?id=CVE-2013-6483
04 Feb 2014 — The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply. • http://hg.pidgin.im/pidgin/main/rev/93d4bff19574 • CWE-20: Improper Input Validation • CWE-290: Authentication Bypass by Spoofing

CVE-2013-6484 – pidgin: DoS via specially-crafted stun messages
https://notcve.org/view.php?id=CVE-2013-6484
04 Feb 2014 — The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error. • http://hg.pidgin.im/pidgin/main/rev/932b985540e9 • CWE-20: Improper Input Validation • CWE-190: Integer Overflow or Wraparound

CVE-2013-6485 – pidgin: Heap-based buffer overflow when parsing chunked HTTP responses
https://notcve.org/view.php?id=CVE-2013-6485
04 Feb 2014 — Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data. • http://hg.pidgin.im/pidgin/main/rev/c9e5aba2dafd • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow

CVE-2013-6486 – Mandriva Linux Security Advisory 2014-025
https://notcve.org/view.php?id=CVE-2013-6486
04 Feb 2014 — gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185. • http://hg.pidgin.im/pidgin/main/rev/b2571530fa8b • CWE-20: Improper Input Validation

CVE-2013-6487 – pidgin: Heap-based buffer overflow in Gadu-Gadu protocol plugin
https://notcve.org/view.php?id=CVE-2013-6487
04 Feb 2014 — Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow. • http://advisories.mageia.org/MGASA-2014-0074.html • CWE-122: Heap-based Buffer Overflow • CWE-189: Numeric Errors

CVE-2013-6489 – pidgin: Heap-based buffer overflow in MXit emoticon parsing
https://notcve.org/view.php?id=CVE-2013-6489
04 Feb 2014 — Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow. • http://hg.pidgin.im/pidgin/main/rev/4c897372b5a4 • CWE-122: Heap-based Buffer Overflow • CWE-189: Numeric Errors

CVE-2013-6490 – pidgin: Heap-based buffer overflow in SIMPLE protocol plugin
https://notcve.org/view.php?id=CVE-2013-6490
04 Feb 2014 — The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. • https://github.com/Everdoh/CVE-2013-6490 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow

CVE-2012-6152 – pidgin: DoS when decoding non-UTF-8 strings in Yahoo protocol plugin
https://notcve.org/view.php?id=CVE-2012-6152
04 Feb 2014 — The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences. • http://hg.pidgin.im/pidgin/main/rev/b0345c25f886 • CWE-20: Improper Input Validation • CWE-172: Encoding Error

CVE-2014-0020 – pidgin: DoS in IRC protocol plugin due to argument parsing
https://notcve.org/view.php?id=CVE-2014-0020
04 Feb 2014 — The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. • http://hg.pidgin.im/pidgin/main/rev/4d9be297d399 • CWE-20: Improper Input Validation • CWE-628: Function Call with Incorrectly Specified Arguments

CVE-2013-0271 – Gentoo Linux Security Advisory 201405-22
https://notcve.org/view.php?id=CVE-2013-0271
16 Feb 2013 — The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. Multiple vulnerabilities in Pidgin may allow execution of arbitrary code. Versions less than 2.10.9 are affected. • http://hg.pidgin.im/pidgin/main/rev/a8aef1d340f2