Download
| Alert*
oval:org.secpod.oval:def:201571
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messa ... oval:org.secpod.oval:def:201610 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messa ... oval:org.secpod.oval:def:6275 The host is installed with Pidgin before 2.10.4 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle canceled SOCKS5 connection attempts. Successful exploitation allows user-assisted remote authenticated users to cause application cras ... oval:org.secpod.oval:def:700930 pidgin: graphical multi-protocol instant messaging client for X Several security issues were fixed in Pidgin. oval:org.secpod.oval:def:106335 Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add ... oval:org.secpod.oval:def:106405 Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add ... oval:org.secpod.oval:def:502115 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The following packages have been upgraded to a later upstream version: pidgin . Security Fix: * A denial of service flaw was found in the way Pidgin"s Mxit plug-in han ... oval:org.secpod.oval:def:1502005 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:21527 The host is installed with Pidgin before 2.10.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted certificate. Successful exploitation allows attackers to spoof servers and obtain sensitive information. oval:org.secpod.oval:def:21528 The host is installed with Pidgin before 2.10.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a large length value in an emoticon response. Successful exploitation allows attackers to cause a denial of service (application cr ... oval:org.secpod.oval:def:21529 The host is installed with Pidgin before 2.10.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted server message. Successful exploitation allows attackers to cause a denial of service (application crash). oval:org.secpod.oval:def:21530 The host is installed with Pidgin before 2.10.10 and is prone to an absolute path traversal vulnerability. A flaw is present in the application, which fails to properly handle a drive name in a tar archive of a smiley theme. Successful exploitation allows attackers to write to arbitrary files. oval:org.secpod.oval:def:21531 The host is installed with Pidgin before 2.10.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted XMPP message. Successful exploitation allows attackers to obtain sensitive information from process memory. oval:org.secpod.oval:def:52331 pidgin: graphical multi-protocol instant messaging client for X Several security issues were fixed in Pidgin. oval:org.secpod.oval:def:107885 Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add ... oval:org.secpod.oval:def:16812 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly allocate memory for HTTP responses that are inconsistent with the Content-Length header. Successful exploitation allows attackers to cause an ... oval:org.secpod.oval:def:16811 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly interact with underlying library support for wide Pango layouts. Successful exploitation allows attackers to cause an application crash. oval:org.secpod.oval:def:16810 The host is installed with Pidgin before 2.10.8 and is prone to multiple integer signedness error vulnerabilities. The flaws are present in the application, which fails to handle a crafted timestamp value in an XMPP message. Successful exploitation allows attackers to cause an application crash. oval:org.secpod.oval:def:16930 The host is installed with Pidgin before 2.7.10 and is prone to information disclosure vulnerability. The flaw is present in the cipher.c in the Cipher API in libpurple in Pidgin, which retains encryption-key data in process memory. Successful exploitation might allow local users to obtain sensitive ... oval:org.secpod.oval:def:16809 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly validate UTF-8 data. Successful exploitation allows attackers to cause an application crash. oval:org.secpod.oval:def:601239 Multiple vulnerabilities have been discovered in pidgin, a multi-protocol instant messaging client. In addition to fixing the vulnerabilities, this revision specific to the oldstable distribution , reduces the supported protocols to: IRC, Jabber/XMPP, Sametime, and SIMPLE. Users of other protocols a ... oval:org.secpod.oval:def:16822 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle a negative Content-Length header. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:16821 The host is installed with Pidgin before 2.10.8 and is prone to integer signedness error vulnerability. A flaw is present in the application, which fails to properly handle a crafted emoticon value. Successful exploitation allows attackers to cause denial of service (segmentation fault). oval:org.secpod.oval:def:16820 The host is installed with Pidgin before 2.10.8 and is prone to integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a large Content-Length value. Successful exploitation allows attackers to have an unspecified impact. oval:org.secpod.oval:def:16816 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle message containing a file: URL that is improperly handled during construction of an explorer.exe command. Successful exploitation allo ... oval:org.secpod.oval:def:16815 The host is installed with Pidgin before 2.10.8 and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle invalid chunk-size field in chunked transfer-coding data. Successful exploitation allows attackers to cause an application crash. oval:org.secpod.oval:def:16814 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle sockets. Successful exploitation allows remote STUN servers to cause a denial of service (out-of-bounds write operation and applicatio ... oval:org.secpod.oval:def:16813 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly determine whether the from address in an iq reply is consistent with the to address in an iq request. Successful exploitation allows attacker ... oval:org.secpod.oval:def:16819 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted SOAP response, OIM XML response or Content-Length header. Successful exploitation allows attackers to cause a NULL pointer dereferenc ... oval:org.secpod.oval:def:16818 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle a Yahoo! P2P message with a crafted length field. Successful exploitation allows attackers to cause an application crash. oval:org.secpod.oval:def:16817 The host is installed with Pidgin before 2.10.8 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly validate argument counts. Successful exploitation allows attackers to cause an application crash. oval:org.secpod.oval:def:701195 pidgin: graphical multi-protocol instant messaging client for X Several security issues were fixed in Pidgin. oval:org.secpod.oval:def:7299 The host is installed with Pidgin before 2.10.5 and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted inline image in a message. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:600846 Ulf Härnhammar found a buffer overflow in Pidgin, a multi protocol instant messaging client. The vulnerability can be exploited by an incoming message in the MXit protocol plugin. A remote attacker may cause a crash, and in some circumstances can lead to remote code execution. oval:org.secpod.oval:def:202642 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending ... oval:org.secpod.oval:def:202405 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sendi ... oval:org.secpod.oval:def:702265 pidgin: graphical multi-protocol instant messaging client for X Several security issues were fixed in Pidgin. oval:org.secpod.oval:def:1500125 Updated pidgin packages that fix three security issues are now availablefor Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, are availabl ... oval:org.secpod.oval:def:701562 pidgin: graphical multi-protocol instant messaging client for X Several security issues were fixed in Pidgin. oval:org.secpod.oval:def:203036 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing ... oval:org.secpod.oval:def:1500373 Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:601212 Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client: CVE-2013-6477 Jaime Breva Ribes discovered that a remote XMPP user can trigger a crash by sending a message with a timestamp in the distant future. CVE-2013-6478 Pidgin could be crashed through overly ... oval:org.secpod.oval:def:9323 The host is installed with Pidgin before 2.10.7 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to handle crafted mxit or mxit/imagestrips pathname. Successful exploitation allows attackers to create or overwrite files. oval:org.secpod.oval:def:9320 The host is installed with Pidgin before 2.10.7 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly terminate long strings in UPnP responses. Successful exploitation allows attackers to cause an application crash by leveraging access to the ... oval:org.secpod.oval:def:9321 The host is installed with Pidgin before 2.10.7 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly terminate long user IDs. Successful exploitation allows attackers to cause an application crash via a crafted packet. oval:org.secpod.oval:def:9322 The host is installed with Pidgin before 2.10.7 and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to handle a long HTTP header. Successful exploitation allows attackers to execute arbitrary code. oval:org.secpod.oval:def:3518 The host is installed with Pidgin before 2.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle invalid UTF-8 data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3516 The host is installed with Pidgin before 2.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle invalid UTF-8 data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:500115 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Multiple NULL pointer dereference flaws were found in the way the Pidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote attacker could use t ... oval:org.secpod.oval:def:202404 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sendi ... oval:org.secpod.oval:def:6232 The host is installed with Pidgin before 2.10.4 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle crafted characters. Successful exploitation allows remote servers to cause application crash by placing these characters in a text/pla ... oval:org.secpod.oval:def:501024 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending ... oval:org.secpod.oval:def:500211 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messa ... oval:org.secpod.oval:def:500058 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messa ... oval:org.secpod.oval:def:202641 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending ... oval:org.secpod.oval:def:3639 The host is installed with Pidgin before 2.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to perform the expected UTF-8 validation on message data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3519 The host is installed with Pidgin before 2.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to ensure that the incoming message contained all required fields. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3517 The host is installed with Pidgin before 2.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to ensure that the incoming message contained all required fields. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:3640 The host is installed with Pidgin before 2.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to perform the expected UTF-8 validation on message data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:202861 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messa ... oval:org.secpod.oval:def:501186 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing ... oval:org.secpod.oval:def:203026 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing ... oval:org.secpod.oval:def:4898 The host is installed with Pidgin before 2.10.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin. Successful exploitation could allow remote attackers to cause a denial of service ... oval:org.secpod.oval:def:4900 The host is installed with Pidgin before 2.10.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin. Successful exploitation could allow remote attackers to cause a denial of service ... oval:org.secpod.oval:def:4899 The host is installed with Pidgin before 2.10.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin. Successful exploitation could allow remote servers ... oval:org.secpod.oval:def:4901 The host is installed with Pidgin before 2.10.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin. Successful exploitation could allow remote servers ... oval:org.secpod.oval:def:500853 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sendi ... oval:org.secpod.oval:def:7300 The host is installed with Pidgin before 2.10.5 and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted inline image in a message. Successful exploitation allows remote attackers to execute arbitrary code. |