
CVSS: 7.5 • EPSS: 5% • CPEs: 21 • EXPL: 0

26 May 2009 — The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. • http://debian.org/security/2009/dsa-1805 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 • EPSS: 25% • CPEs: 9 • EXPL: 1

26 May 2009 — Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927. • https://www.exploit-db.com/exploits/9615 • CWE-189: Numeric Errors

CVSS: 7.5 • EPSS: 3% • CPEs: 1 • EXPL: 1

08 Aug 2008 — The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434 • CWE-310: Cryptographic Issues

CVSS: 9.8 • EPSS: 6% • CPEs: 25 • EXPL: 0

07 Jul 2008 — Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955. • http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c • CWE-189: Numeric Errors • CWE-190: Integer Overflow or Wraparound

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 0

01 Jul 2008 — The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. • http://crisp.cs.du.edu/?q=ca2007-1 • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 16% • CPEs: 1 • EXPL: 1

01 Jul 2008 — Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. • https://www.exploit-db.com/exploits/32749 • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jul 2008 — Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: "I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details." • http://crisp.cs.du.edu/?q=ca2007-1 • CWE-399: Resource Management Errors

CVSS: 7.5 • EPSS: 1% • CPEs: 3 • EXPL: 0

29 Oct 2007 — libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996. • http://osvdb.org/38695 • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 0

01 Oct 2007 — libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location." • http://fedoranews.org/updates/FEDORA-2007-236.shtml

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Jul 2007 — Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. • http://www.securityfocus.com/bid/24904