Pidgin

Pidgin

86 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2009-3026

  • EPSS 0.53%
  • Veröffentlicht 31.08.2009 20:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect t...

4.3

CVE-2009-3025

  • EPSS 0.69%
  • Veröffentlicht 31.08.2009 20:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM.

10

CVE-2009-2694

Exploit
  • EPSS 34.58%
  • Veröffentlicht 21.08.2009 11:02:41
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory...

5

CVE-2009-1889

  • EPSS 3.24%
  • Veröffentlicht 01.07.2009 13:00:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that trigge...

9.3

CVE-2009-1376

  • EPSS 25.89%
  • Veröffentlicht 26.05.2009 15:30:05
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remo...

7.1

CVE-2009-1373

  • EPSS 5.77%
  • Veröffentlicht 26.05.2009 15:30:05
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained fr...

5

CVE-2009-1374

  • EPSS 4.46%
  • Veröffentlicht 26.05.2009 15:30:05
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.

5

CVE-2009-1375

  • EPSS 5.28%
  • Veröffentlicht 26.05.2009 15:30:05
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1)...

6.8

CVE-2008-3532

Exploit
  • EPSS 3.45%
  • Veröffentlicht 08.08.2008 19:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.

6.8

CVE-2008-2927

  • EPSS 6.33%
  • Veröffentlicht 07.07.2008 23:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to...