
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Aug 2009 — protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891 • CWE-310: Cryptographic Issues

CVSS: 10.0 • EPSS: 28% • CPEs: 29 • EXPL: 3

20 Aug 2009 — The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376. • https://www.exploit-db.com/exploits/9615 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-399: Resource Management Errors

CVSS: 7.5 • EPSS: 3% • CPEs: 26 • EXPL: 0

01 Jul 2009 — The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory. • http://developer.pidgin.im/ticket/9483 • CWE-399: Resource Management Errors

CVSS: 9.8 • EPSS: 5% • CPEs: 21 • EXPL: 0

26 May 2009 — Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information. • http://debian.org/security/2009/dsa-1805 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 4% • CPEs: 21 • EXPL: 0

26 May 2009 — Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. • http://secunia.com/advisories/35188 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 5% • CPEs: 21 • EXPL: 0

26 May 2009 — The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. • http://debian.org/security/2009/dsa-1805 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 • EPSS: 24% • CPEs: 9 • EXPL: 1

26 May 2009 — Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927. • https://www.exploit-db.com/exploits/9615 • CWE-189: Numeric Errors

CVSS: 7.5 • EPSS: 3% • CPEs: 1 • EXPL: 1

08 Aug 2008 — The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434 • CWE-310: Cryptographic Issues

CVSS: 9.8 • EPSS: 6% • CPEs: 25 • EXPL: 0

07 Jul 2008 — Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955. • http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c • CWE-189: Numeric Errors • CWE-190: Integer Overflow or Wraparound

CVSS: 7.5 • EPSS: 16% • CPEs: 1 • EXPL: 1

01 Jul 2008 — Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. • https://www.exploit-db.com/exploits/32749 • CWE-20: Improper Input Validation