CRITICAL9.8CVE-2016-1000030Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnut… from 0, < 2.11.0-1
from 0, < 2.10.10-1~deb7u3
CRITICAL9.8pidgin - security update
from 0, < 2.11.0-0+deb8u2
CRITICAL9.8pidgin - security update
from 0, < 2.12.0-1
HIGH8.1A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin.
from 0, < 2.11.0-1
HIGH8.1A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin.
from 0, < 2.11.0-1
HIGH8.1A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin.
from 0, < 2.11.0-1
HIGH8.1An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin.
from 0, < 2.11.0-1
HIGH8.1An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin.
from 0, < 2.11.0-1
HIGH8.1Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin.
from 0, < 2.11.0-1
HIGH7.5Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers…
from 0, < 2.6.5-1
MEDIUM5.9pidgin - security update
from 0
MEDIUM5.9pidgin - security update
from 0, < 2.12.0-1+deb9u1
MEDIUM5.9A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin.
from 0, < 2.11.0-1
MEDIUM5.9An information leak exists in the handling of the MXIT protocol in Pidgin.
from 0, < 2.11.0-1
MEDIUM5.9A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin.
from 0, < 2.11.0-1
MEDIUM5.9A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin.
from 0, < 2.11.0-1
MEDIUM5.9An information leak exists in the handling of the MXIT protocol in Pidgin.
from 0, < 2.11.0-1
MEDIUM5.9A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin.
from 0, < 2.11.0-1
MEDIUM5.9pidgin - security update
from 0, < 2.10.10-1~deb7u2
MEDIUM5.9pidgin - security update
from 0, < 2.11.0-1
MEDIUM5.9pidgin - security update
from 0, < 2.11.0-0+deb8u1
MEDIUM5.5Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session mo…
from 0
MEDIUM5.3An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin.
from 0, < 2.11.0-1
LOW3.7A directory traversal exists in the handling of the MXIT protocol in Pidgin.
from 0, < 2.11.0-1
LOW3.1An information leak exists in the handling of the MXIT protocol in Pidgin.
from 0, < 2.11.0-1
—The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to…
from 0, < 2.10.10-1
—nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service…
from 0, < 2.10.10-1
—markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application…
from 0, < 2.10.10-1
—pidgin - security update
from 0, < 2.10.10-1
—pidgin - security update
from 0, < 2.10.10-1~deb7u1
—The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Leng…
from 0, < 2.10.8-1
—Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentati…
from 0, < 2.10.8-1
—libgadu - heap-based buffer overflow
from 0, < 2.10.8-1
—Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP res…
from 0, < 2.10.8-1
—libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P m…
from 0, < 2.10.8-1
—The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a…
from 0, < 2.10.8-1
—pidgin - security update
from 0, < 2.7.3-1+squeeze4
—pidgin - security update
from 0, < 2.10.8-1
—The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bound…
from 0, < 2.10.8-1
—The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consis…
from 0, < 2.10.8-1
—util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Len…
from 0, < 2.10.8-1
—gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-as…
from 0, < 2.10.8-1
—pidgin - several
from 0, < 2.10.8-1
—pidgin - several
from 0, < 2.10.9-1~deb7u1
—The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cau…
from 0, < 2.10.8-1
—upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to ca…
from 0, < 2.10.6-3
—sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows rem…
from 0, < 2.10.6-3
—Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code…
from 0, < 2.10.6-3
—The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) m…
from 0, < 2.10.6-3
—cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local user…
from 0, < 2.7.11-1
—pidgin - remote code execution
from 0, < 2.7.3-1+squeeze3
—pidgin - remote code execution
from 0, < 2.10.6-1
—msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote serv…
from 0, < 2.10.4-1
—proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remot…
from 0, < 2.10.4-1
—The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause…
from 0, < 2.10.2-1
—The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL p…
from 0, < 2.10.2-1
—family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on messag…
from 0, < 2.10.1-1
—The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected U…
from 0, < 2.10.1-1
—The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat…
from 0, < 2.10.1-1
—The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other produc…
from 0, < 2.10.1-1
—The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle…
from 0, < 2.10.0-1
—The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly va…
from 0, < 2.10.0-1
—libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial…
from 0, < 2.7.11-1
—directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause…
from 0, < 2.7.9-1
—libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote auth…
from 0, < 2.7.4-1
—The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated u…
from 0, < 2.7.2-1
—The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to…
from 0, < 2.7.0-1
—gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending m…
from 0, < 2.6.6-1
—libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <b…
from 0, < 2.6.6-1
—slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a d…
from 0, < 2.6.6-1
—pidgin - arbitrary code execution
from 0, < 2.6.3-1
—pidgin - arbitrary code execution
from 0, < 2.4.3-4lenny5
—The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a cus…
from 0, < 2.6.2-1
—The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in P…
from 0, < 2.6.2-1
—pidgin - denial of service
from 0, < 2.4.3-4lenny6
—pidgin - denial of service
from 0, < 2.6.2-1
—libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial o…
from 0, < 2.6.2
—protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when co…
from 0, < 2.6.1-1
—Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM.
from 0, < 2.6.1-1
—pidgin - insufficient input sanitization
from 0, < 2.5.9-1
—pidgin - insufficient input sanitization
from 0, < 2.4.3-4lenny3
—The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which all…
from 0, < 2.5.8-1
—Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c an…
from 0, < 2.5.6-1
—The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote…
from 0, < 2.5.6-1
—Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (ap…
from 0, < 2.5.6-1
—Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute ar…
from 0, < 2.5.6-1
—The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user in…
from 0, < 2.4.3-2
—pidgin - several vulnerabilities
from 0, < 2.4.3-4lenny2
—pidgin - several vulnerabilities
from 0, < 2.4.3-1
—Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstr…
from 0, < 2.4.3-1
—The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and…
from 0, < 2.4.3-4
—Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via mal…
from 0
—libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference an…
from 0, < 2.2.2-1
—libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which all…
from 0, < 2.2.1-1