
CVE-2013-6484 – pidgin: DoS via specially-crafted stun messages
https://notcve.org/view.php?id=CVE-2013-6484
04 Feb 2014 — The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error. The Yahoo! protocol plugin in libpurple i... • http://hg.pidgin.im/pidgin/main/rev/932b985540e9 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •

CVE-2013-6482 – pidgin: DoS via multiple null pointer dereferences in MSN protocol plugin
https://notcve.org/view.php?id=CVE-2013-6482
04 Feb 2014 — Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header. The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly val... • http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •

CVE-2013-6483 – pidgin: Possible spoofing using iq replies in XMPP protocol plugin
https://notcve.org/view.php?id=CVE-2013-6483
04 Feb 2014 — The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply. • http://hg.pidgin.im/pidgin/main/rev/93d4bff19574 • CWE-20: Improper Input Validation CWE-290: Authentication Bypass by Spoofing •

CVE-2013-6486 – Mandriva Linux Security Advisory 2014-025
https://notcve.org/view.php?id=CVE-2013-6486
04 Feb 2014 — gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185. • http://hg.pidgin.im/pidgin/main/rev/b2571530fa8b • CWE-20: Improper Input Validation •

CVE-2014-0020 – pidgin: DoS in IRC protocol plugin due to argument parsing
https://notcve.org/view.php?id=CVE-2014-0020
04 Feb 2014 — The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not... • http://hg.pidgin.im/pidgin/main/rev/4d9be297d399 • CWE-20: Improper Input Validation CWE-628: Function Call with Incorrectly Specified Arguments •

CVE-2013-6490 – pidgin: Heap-based buffer overflow in SIMPLE protocol plugin
https://notcve.org/view.php?id=CVE-2013-6490
04 Feb 2014 — The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, whic... • https://github.com/Everdoh/CVE-2013-6490 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVE-2013-6479 – pidgin: DoS when parsing certain HTTP response headers
https://notcve.org/view.php?id=CVE-2013-6479
04 Feb 2014 — util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response. • http://hg.pidgin.im/pidgin/main/rev/cd529e1158d3 • CWE-399: Resource Management Errors •

CVE-2013-6477 – pidgin: DoS when handling timestamps in the XMPP plugin
https://notcve.org/view.php?id=CVE-2013-6477
04 Feb 2014 — Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message. The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validat... • http://hg.pidgin.im/pidgin/main/rev/852014ae74a0 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVE-2013-0273 – pidgin: Meanwhile protocol missing nul termination of long Lotus Sametime usernames
https://notcve.org/view.php?id=CVE-2013-0273
16 Feb 2013 — sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet. Multiple vulnerabili... • http://hg.pidgin.im/pidgin/main/rev/c31cf8de31cd •

CVE-2013-0271 – Gentoo Linux Security Advisory 201405-22
https://notcve.org/view.php?id=CVE-2013-0271
16 Feb 2013 — The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. Multiple vulnerabilities in Pidgin may allow execution of arbitrary code. Versions less than 2.10.9 are affected. • http://hg.pidgin.im/pidgin/main/rev/a8aef1d340f2 •