Max CVSS | 10.0 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2010-0013 | 5.0 |
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) requ
|
26-01-2024 - 17:47 | 09-01-2010 - 18:30 | |
CVE-2009-1376 | 9.3 |
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remo
|
13-02-2023 - 02:20 | 26-05-2009 - 15:30 | |
CVE-2009-1889 | 5.0 |
The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that trigge
|
29-09-2017 - 01:34 | 01-07-2009 - 13:00 | |
CVE-2008-3532 | 6.8 |
The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
|
29-09-2017 - 01:31 | 08-08-2008 - 19:41 | |
CVE-2011-4603 | 5.0 |
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash)
|
19-09-2017 - 01:34 | 17-12-2011 - 03:54 | |
CVE-2011-3594 | 4.3 |
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use o
|
19-09-2017 - 01:34 | 04-11-2011 - 21:55 | |
CVE-2010-3711 | 4.0 |
libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted mes
|
19-09-2017 - 01:31 | 28-10-2010 - 00:00 | |
CVE-2010-0423 | 5.0 |
gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.
|
19-09-2017 - 01:30 | 24-02-2010 - 18:30 | |
CVE-2009-3615 | 5.0 |
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM I
|
19-09-2017 - 01:29 | 20-10-2009 - 17:30 | |
CVE-2009-3085 | 5.0 |
The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content
|
19-09-2017 - 01:29 | 08-09-2009 - 18:30 | |
CVE-2009-2694 | 10.0 |
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory
|
19-09-2017 - 01:29 | 21-08-2009 - 11:02 |