oval:org.secpod.oval:def:47531
The host is installed with Pidgin before 2.11.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to check the return values from the gnutls_x509_crt_init() and gnutls_x509_crt_import() functions. Successful exploitation allows attackers to ...
oval:org.secpod.oval:def:6275
The host is installed with Pidgin before 2.10.4 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle canceled SOCKS5 connection attempts. Successful exploitation allows user-assisted remote authenticated users to cause application cras ...
oval:org.secpod.oval:def:21527
The host is installed with Pidgin before 2.10.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted certificate. Successful exploitation allows attackers to spoof servers and obtain sensitive information.
oval:org.secpod.oval:def:21528
The host is installed with Pidgin before 2.10.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a large length value in an emoticon response. Successful exploitation allows attackers to cause a denial of service (application cr ...
oval:org.secpod.oval:def:21529
The host is installed with Pidgin before 2.10.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted server message. Successful exploitation allows attackers to cause a denial of service (application crash).
oval:org.secpod.oval:def:21530
The host is installed with Pidgin before 2.10.10 and is prone to an absolute path traversal vulnerability. A flaw is present in the application, which fails to properly handle a drive name in a tar archive of a smiley theme. Successful exploitation allows attackers to write to arbitrary files.
oval:org.secpod.oval:def:21531
The host is installed with Pidgin before 2.10.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted XMPP message. Successful exploitation allows attackers to obtain sensitive information from process memory.
oval:org.secpod.oval:def:16812
The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly allocate memory for HTTP responses that are inconsistent with the Content-Length header. Successful exploitation allows attackers to cause an ...
oval:org.secpod.oval:def:16933
The host is installed with Pidgin before 2.5.6 and is prone to buffer overflow vulnerability. The flaw is present in the decrypt_out function in Pidgin, which fails to handle a QQ packet. Successful exploitation could allow remote attackers to cause a denial of service (application crash).
oval:org.secpod.oval:def:2189
The host is installed with Pidgin before 2.10.0 and is prone to NULL pointer dereference vulnerability. A flaw is present in the application, which is caused by an error in the IRC protocol plugin when handling WHO responses with special characters in the nicknames. Successful exploitation allow att ...
oval:org.secpod.oval:def:16811
The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly interact with underlying library support for wide Pango layouts. Successful exploitation allows attackers to cause an application crash.
oval:org.secpod.oval:def:16810
The host is installed with Pidgin before 2.10.8 and is prone to multiple integer signedness error vulnerabilities. The flaws are present in the application, which fails to handle a crafted timestamp value in an XMPP message. Successful exploitation allows attackers to cause an application crash.
oval:org.secpod.oval:def:16930
The host is installed with Pidgin before 2.7.10 and is prone to information disclosure vulnerability. The flaw is present in the cipher.c in the Cipher API in libpurple in Pidgin, which retains encryption-key data in process memory. Successful exploitation might allow local users to obtain sensitive ...
oval:org.mitre.oval:def:6167
Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM.
oval:org.secpod.oval:def:16809
The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly validate UTF-8 data. Successful exploitation allows attackers to cause an application crash.
oval:org.secpod.oval:def:16928
The host is installed with Pidgin 2.4.3 and is prone to arbitrary code execution vulnerability. A flaw is present in the NSS plugin in libpurple in Pidgin, which does not verify SSL certificates. Successful exploitation could allow remote attackers to trick a user into accepting an invalid server ce ...
oval:org.secpod.oval:def:16927
The host is installed with Pidgin before 2.5.8 and is prone to denial of service vulnerability. The flaw is present in the OSCAR protocol implementation in Pidgin, which fails to handle a crafted ICQ web message that triggers allocation of a large amount of memory. Successful exploitation could allo ...
oval:org.secpod.oval:def:16822
The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle a negative Content-Length header. Successful exploitation allows attackers to have unspecified impact.
oval:org.secpod.oval:def:16821
The host is installed with Pidgin before 2.10.8 and is prone to integer signedness error vulnerability. A flaw is present in the application, which fails to properly handle a crafted emoticon value. Successful exploitation allows attackers to cause denial of service (segmentation fault).
oval:org.secpod.oval:def:16820
The host is installed with Pidgin before 2.10.8 and is prone to integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a large Content-Length value. Successful exploitation allows attackers to have an unspecified impact.
oval:org.secpod.oval:def:16816
The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle message containing a file: URL that is improperly handled during construction of an explorer.exe command. Successful exploitation allo ...
oval:org.secpod.oval:def:40380
The host is installed with Pidgin before 2.11.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to cause an application crash.
oval:org.secpod.oval:def:16815
The host is installed with Pidgin before 2.10.8 and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle invalid chunk-size field in chunked transfer-coding data. Successful exploitation allows attackers to cause an application crash.
oval:org.secpod.oval:def:16936
The host is installed with Pidgin 2.0.0 and is prone to denial of service vulnerability. The flaw is present in the UPnP functionality in Pidgin, which fails to handle a UDP packet that specifies an arbitrary URL. Successful exploitation could allow remote attackers to trigger the download of arbitr ...
oval:org.secpod.oval:def:40381
The host is installed with Pidgin before 2.11.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to cause an application crash.
oval:org.secpod.oval:def:16814
The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle sockets. Successful exploitation allows remote STUN servers to cause a denial of service (out-of-bounds write operation and applicatio ...
oval:org.secpod.oval:def:2190
The host is installed with Pidgin before 2.10.0 and is prone to denial of service vulnerability. A flaw is present in the application, which is caused by an error in the MSN protocol when parsing HTTP 100 responses. Successful exploitation allows attackers to execute arbitrary code, this only affect ...
oval:org.secpod.oval:def:16813
The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly determine whether the from address in an iq reply is consistent with the to address in an iq request. Successful exploitation allows attacker ...
oval:org.secpod.oval:def:16934
The host is installed with Pidgin before 2.5.6 and is prone to denial of service vulnerability. The flaw is present in the PurpleCircBuffer implementation in Pidgin, which fails to handle vectors involving the (1) XMPP or (2) Sametime protocol. Successful exploitation could allow remote attackers to ...
oval:org.secpod.oval:def:40384
The host is installed with Pidgin before 2.11.0 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to potentially result in a denial of service.
oval:org.secpod.oval:def:16819
The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted SOAP response, OIM XML response or Content-Length header. Successful exploitation allows attackers to cause a NULL pointer dereferenc ...
oval:org.secpod.oval:def:2191
The host is installed with Pidgin before 2.10.0 and is prone to remote code execution vulnerability. A flaw is present in the application, which is caused by an error related to file:// URIs. Successful exploitation allows remote attackers to execute arbitrary code.
oval:org.secpod.oval:def:40385
The host is installed with Pidgin before 2.11.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to send invalid data.
oval:org.mitre.oval:def:12366
Pidgin (32 bit) is installed
oval:org.secpod.oval:def:16818
The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle a Yahoo! P2P message with a crafted length field. Successful exploitation allows attackers to cause an application crash.
oval:org.secpod.oval:def:40382
The host is installed with Pidgin before 2.11.0 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to trigger an out-of-bounds read vulnerability.
oval:org.secpod.oval:def:16817
The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly validate argument counts. Successful exploitation allows attackers to cause an application crash.
oval:org.secpod.oval:def:40383
The host is installed with Pidgin before 2.11.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to cause code execution or memory disclosure.
oval:org.secpod.oval:def:40388
The host is installed with Pidgin before 2.11.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to cause out-of-bounds read.
oval:org.secpod.oval:def:40389
The host is installed with Pidgin before 2.11.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to cause an out-of-bounds write leading to memory disclosure and code ex ...
oval:org.secpod.oval:def:40386
The host is installed with Pidgin before 2.11.0 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to cause memory corruption resulting in code execution.
oval:org.secpod.oval:def:40387
The host is installed with Pidgin before 2.11.0 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to cause denial of service or copy data from memory to the file.
oval:org.secpod.oval:def:7299
The host is installed with Pidgin before 2.10.5 and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted inline image in a message. Successful exploitation allows remote attackers to execute arbitrary code.
oval:org.secpod.oval:def:40391
The host is installed with Pidgin before 2.11.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle the MXIT data. Successful exploitation allows attackers to send an invalid size for a packet which will trigger a buffer overflow.
oval:org.secpod.oval:def:40392
The host is installed with Pidgin before 2.11.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle the MXIT data. Successful exploitation allows attackers to send a negative content-length in response to a HTTP request triggering the ...
oval:org.secpod.oval:def:40390
The host is installed with Pidgin before 2.11.0 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle the MXIT contact information. Successful exploitation allows attackers to cause an out-of-bounds read.
oval:org.secpod.oval:def:40395
The host is installed with Pidgin before 2.11.0 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle crafted MXIT data. Successful exploitation allows attackers to convince users to enter a particular string which would then get ...
oval:org.secpod.oval:def:40396
The host is installed with Pidgin before 2.11.0 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to properly handle crafted MXIT data. Successful exploitation allows attackers to provide an invalid filename for a splash image.
oval:org.secpod.oval:def:40393
The host is installed with Pidgin before 2.11.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle the MXIT data. Successful exploitation allows attackers to send negative length values to trigger this vulnerability.
oval:org.secpod.oval:def:40394
The host is installed with Pidgin before 2.11.0 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle the password encryption. Successful exploitation allows attackers to decrypt hashed passwords by leveraging knowledge of clien ...
oval:org.secpod.oval:def:40397
The host is installed with Pidgin before 2.12.0 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fails to properly handle invalid XML. Successful exploitation allows attackers to have unspecified impact.
oval:org.secpod.oval:def:9323
The host is installed with Pidgin before 2.10.7 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to handle crafted mxit or mxit/imagestrips pathname. Successful exploitation allows attackers to create or overwrite files.
oval:org.secpod.oval:def:831
The host is installed with Pidgin and is prone to denial of service vulnerability. A flaw is present in directconn.c in the MSN protocol plugin in libpurple, which fails to handle short p2pv2 packets in a DirectConnect session. Successful exploitation could allow remote attackers to execute arbitrar ...
oval:org.secpod.oval:def:9320
The host is installed with Pidgin before 2.10.7 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly terminate long strings in UPnP responses. Successful exploitation allows attackers to cause an application crash by leveraging access to the ...
oval:org.secpod.oval:def:9321
The host is installed with Pidgin before 2.10.7 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly terminate long user IDs. Successful exploitation allows attackers to cause an application crash via a crafted packet.
oval:org.secpod.oval:def:9322
The host is installed with Pidgin before 2.10.7 and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to handle a long HTTP header. Successful exploitation allows attackers to execute arbitrary code.
oval:org.secpod.oval:def:3518
The host is installed with Pidgin before 2.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle invalid UTF-8 data. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:533
The host is installed with Pidgin and is prone to denial of service vulnerability. A flaw is present in libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin, which fails to handle malformed YMSG SMS messages. Successful exploitation could allow remote attackers to cause a denial of service ...
oval:org.secpod.oval:def:16926
The host is installed with Pidgin before 2.4.3 and is prone to remote buffer overflow vulnerability. The flaw is present in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin, which fails to ...
oval:org.secpod.oval:def:6386
The host is installed with Pidgin-otr plugin before 3.2.1-1 for Pidgin and is prone to format string vulnerability. A flaw is present in the Off-the-Record Messaging (OTR) pidgin-otr plugin, which fails to handle format string specifiers in data that generates a log message. Successful exploitation ...
oval:org.secpod.oval:def:6232
The host is installed with Pidgin before 2.10.4 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle crafted characters. Successful exploitation allows remote servers to cause application crash by placing these characters in a text/pla ...
oval:org.secpod.oval:def:3639
The host is installed with Pidgin before 2.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to perform the expected UTF-8 validation on message data. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:3519
The host is installed with Pidgin before 2.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to ensure that the incoming message contained all required fields. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:16932
The host is installed with Pidgin before 2.5.6 and is prone to buffer overflow vulnerability. The flaw is present in the XMPP SOCKS5 bytestream server in Pidgin, which fails to handle vectors involving an outbound XMPP file transfer. Successful exploitation could allow remote authenticated users to ...
oval:org.secpod.oval:def:4898
The host is installed with Pidgin before 2.10.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin. Successful exploitation could allow remote attackers to cause a denial of service ...
oval:org.secpod.oval:def:4899
The host is installed with Pidgin before 2.10.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin. Successful exploitation could allow remote servers ...
oval:org.secpod.oval:def:16931
The host is installed with Pidgin 2.4.1 and is prone to denial of service vulnerability. The flaw is present in the msn_slplink_process_msg function, which fails to handle a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplin ...
oval:org.mitre.oval:def:6322
The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonst ...
oval:org.mitre.oval:def:6320
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending mult ...
oval:org.mitre.oval:def:5757
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and a ...
oval:org.secpod.oval:def:16929
The host is installed with Pidgin before 2.6.3 and is prone to denial of service vulnerability. The flaw is present in the OSCAR protocol plugin in libpurple in Pidgin, which fails to properly handle crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. Su ...
oval:org.mitre.oval:def:6434
The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.
oval:org.secpod.oval:def:16935
The host is installed with Pidgin before 2.5.6 and is prone to buffer overflow vulnerability. The flaw is present in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c, which fails to handle a malform ...
oval:org.mitre.oval:def:6435
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.
oval:org.secpod.oval:def:824
The host is installed with Pidgin and is prone to directory traversal vulnerability. A flaw is present in slp.c in the MSN protocol plugin in libpurple, which fails to handle .. (dot dot) sequence in an application/x-msnmsgrp2p MSN emoticon. Successful exploitation could allow remote attackers to ob ...
oval:org.secpod.oval:def:826
The host is installed with Pidgin and is prone to denial of service vulnerability. A flaw is present in libpurple in Finch, which fails to handle nicknames containing br tag sequences in multi-user chat (MUC) room environment. Successful exploitation could allow remote attackers to execute arbitrary ...
oval:org.secpod.oval:def:825
The host is installed with Pidgin and is prone to denial of service vulnerability. A flaw is present in slp.c in the MSN protocol plugin in libpurple, which fails to handle malformed MSNSLP INVITE request in an SLP message. Successful exploitation could allow remote attackers to corrupt memory and c ...
oval:org.secpod.oval:def:828
The host is installed with Pidgin and is prone to denial of service vulnerability. A flaw is present in the msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple, which fails to handle a custom emoticon in a malformed SLP message. Successful exploitation could allow remote attac ...
oval:org.secpod.oval:def:827
The host is installed with Pidgin and is prone to denial of service vulnerability. A flaw is present in the display feature, which fails to handle overly large number of smileys into an IM or chat window. Successful exploitation could allow remote attackers to execute arbitrary code and cause a deni ...
oval:org.secpod.oval:def:829
The host is installed with Pidgin and is prone to denial of service vulnerability. A flaw is present in the clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple, which fails to handle an X-Status message that lacks the expected end tag for a desc or title element. Succe ...
oval:org.secpod.oval:def:830
The host is installed with Pidgin and is prone to denial of service vulnerability. A flaw is present in the purple_base64_decode function, which fails to handle Base64 encoded messages causing a NULL pointer dereference. Successful exploitation could allow remote attackers to execute arbitrary code ...
oval:org.mitre.oval:def:6338
The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized var ...