Search Results (Refine Search)
- CPE Product Version: cpe:/a:pidgin:pidgin:2.10.3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-0272 |
Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. Published: February 16, 2013; 4:55:02 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-0271 |
The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. Published: February 16, 2013; 4:55:02 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-4922 |
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents. Published: August 08, 2012; 6:26:18 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2012-3374 |
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message. Published: July 07, 2012; 6:21:14 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-2318 |
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message. Published: July 03, 2012; 3:55:03 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-2214 |
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests. Published: July 03, 2012; 3:55:02 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |