) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:pidgin:pidgin:2.6.0
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2010-0420 |
libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname. Published: February 24, 2010; 1:30:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2010-0277 |
slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013. Published: January 09, 2010; 1:30:01 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2009-3615 |
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. Published: October 20, 2009; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2009-3085 |
The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images. Published: September 08, 2009; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2009-3084 |
The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name. Published: September 08, 2009; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2009-3083 |
The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client. Published: September 08, 2009; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2009-2703 |
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string. Published: September 08, 2009; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2009-3026 |
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions. Published: August 31, 2009; 4:30:01 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2009-3025 |
Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM. Published: August 31, 2009; 4:30:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |