Total: 89 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-6479 | 1 Pidgin | 1 Pidgin | 2014-03-15 | 5.0 MEDIUM | N/A |
util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response. | |||||
CVE-2013-6478 | 1 Pidgin | 1 Pidgin | 2014-03-15 | 4.3 MEDIUM | N/A |
gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip. | |||||
CVE-2013-6477 | 1 Pidgin | 1 Pidgin | 2014-03-15 | 5.0 MEDIUM | N/A |
Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message. | |||||
CVE-2013-6486 | 1 Pidgin | 1 Pidgin | 2014-03-15 | 9.3 HIGH | N/A |
gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185. | |||||
CVE-2012-6152 | 1 Pidgin | 1 Pidgin | 2014-03-15 | 5.0 MEDIUM | N/A |
The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences. | |||||
CVE-2013-6489 | 1 Pidgin | 1 Pidgin | 2014-03-07 | 5.0 MEDIUM | N/A |
Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow. | |||||
CVE-2013-6490 | 1 Pidgin | 1 Pidgin | 2014-03-07 | 10.0 HIGH | N/A |
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. | |||||
CVE-2010-3088 | 2 Jianping Yu, Pidgin | 2 Pidgin-knotify, Pidgin | 2010-10-11 | 5.1 MEDIUM | N/A |
The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message. | |||||
CVE-2007-3841 | 1 Pidgin | 1 Pidgin | 2008-09-05 | 9.0 HIGH | N/A |
Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | |||||