
CVE-2010-0420 – pidgin: Finch XMPP MUC Crash
https://notcve.org/view.php?id=CVE-2010-0420
24 Feb 2010 — libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing
sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname. • http://developer.pidgin.im/wiki/ChangeLog • CWE-20: Improper Input Validation

CVE-2010-0277 – pidgin MSN protocol plugin memory corruption
https://notcve.org/view.php?id=CVE-2010-0277
09 Jan 2010 — slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013. • http://blogs.sun.com/security/entry/cve_2010_0277_malformed_msn • CWE-399: Resource Management Errors

CVE-2010-0013 – Pidgin MSN 2.6.4 - File Download
https://notcve.org/view.php?id=CVE-2010-0013
09 Jan 2010 — Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. • https://www.exploit-db.com/exploits/11203 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2009-3615 – Pidgin: Invalid pointer dereference (crash) after receiving contacts from SIM IM client
https://notcve.org/view.php?id=CVE-2009-3615
20 Oct 2009 — The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. • http://developer.pidgin.im/ticket/10481 • CWE-399: Resource Management Errors

CVE-2009-3083 – Pidgin: NULL pointer dereference by processing incomplete MSN SLP invite (DoS)
https://notcve.org/view.php?id=CVE-2009-3083
08 Sep 2009 — The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client. • http://developer.pidgin.im/ticket/10159 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-476: NULL Pointer Dereference

CVE-2009-3085 – Pidgin: NULL pointer dereference by processing a custom smiley (DoS)
https://notcve.org/view.php?id=CVE-2009-3085
08 Sep 2009 — The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images. • http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8 • CWE-476: NULL Pointer Dereference

CVE-2009-3084
https://notcve.org/view.php?id=CVE-2009-3084
08 Sep 2009 — The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name. • http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c • CWE-20: Improper Input Validation

CVE-2009-2703 – Pidgin: NULL pointer dereference by handling IRC topic(s) (DoS)
https://notcve.org/view.php?id=CVE-2009-2703
08 Sep 2009 — libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string. • http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-476: NULL Pointer Dereference

CVE-2009-3026 – pidgin: ignores SSL/TLS requirements with old jabber servers
https://notcve.org/view.php?id=CVE-2009-3026
31 Aug 2009 — protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891 • CWE-310: Cryptographic Issues

CVE-2009-3025
https://notcve.org/view.php?id=CVE-2009-3025
31 Aug 2009 — Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM. • http://developer.pidgin.im/wiki/ChangeLog