CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 0CVE-2008-2957 – pidgin: unrestricted download of arbitrary files triggered via UPnP
https://notcve.org/view.php?id=CVE-2008-2957
01 Jul 2008 — The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. La funcionalidad UPnP en Pidgin 2.0.0 y probablemente otras versiones, permite a atacantes remotos provocar la descarga de ficheros de su elección y causar una denegación de servicio (consumo de memoria o disco) a través de un paquete UDP que especifica una URL de su... • http://crisp.cs.du.edu/?q=ca2007-1 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2008-2956
https://notcve.org/view.php?id=CVE-2008-2956
01 Jul 2008 — Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: "I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details." ** DISPUTED ** Fuga de memoria en Pidgin 2.0.0 y posiblemente otras versiones, permite a atacantes remotos causar una denegac... • http://crisp.cs.du.edu/?q=ca2007-1 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 6%CPEs: 3EXPL: 0CVE-2007-4999
https://notcve.org/view.php?id=CVE-2007-4999
29 Oct 2007 — libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996. libpurple de Pidgin 2.1.0 hasta 2.2.1, cuando se utiliza la autenticación HTML, permite a atacantes remotos provocar una denegación de servicio (referencia a NULL y caída de aplicación) mediante un mensaje que contiene datos HTML inválidos, vector distinto de CVE-20... • http://osvdb.org/38695 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2007-4996
https://notcve.org/view.php?id=CVE-2007-4996
01 Oct 2007 — libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location." libpurple de Pidgin versiones anteriores a 2.2.1 no gestiona apropiadamente los mensajes personalizados de usuarios que no están en la lista de amigos del receptor, lo cual permite a atacantes remotos provocar una denegación de servicio (... • http://fedoranews.org/updates/FEDORA-2007-236.shtml •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3841
https://notcve.org/view.php?id=CVE-2007-3841
17 Jul 2007 — Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. Vulnerabilida no especifi... • http://www.securityfocus.com/bid/24904 •