Search
Search Results (89 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1376 | 2 Pidgin, Redhat | 2 Pidgin, Enterprise Linux | 2025-04-09 | N/A |
| Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927. | ||||
| CVE-2009-2404 | 5 Aol, Gnome, Mozilla and 2 more | 9 Instant Messenger, Evolution, Firefox and 6 more | 2025-04-09 | N/A |
| Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. | ||||
| CVE-2009-1889 | 2 Pidgin, Redhat | 2 Pidgin, Enterprise Linux | 2025-04-09 | N/A |
| The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory. | ||||
| CVE-2009-3615 | 3 Adium, Pidgin, Redhat | 3 Adium, Pidgin, Enterprise Linux | 2025-04-09 | N/A |
| The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. | ||||
| CVE-2008-3532 | 2 Pidgin, Redhat | 2 Pidgin, Enterprise Linux | 2025-04-09 | N/A |
| The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. | ||||
| CVE-2022-26491 | 2 Debian, Pidgin | 2 Debian Linux, Pidgin | 2024-11-21 | 5.9 Medium |
| An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968. | ||||
| CVE-2017-2640 | 3 Debian, Pidgin, Redhat | 8 Debian Linux, Pidgin, Enterprise Linux and 5 more | 2024-11-21 | N/A |
| An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process. | ||||
| CVE-2016-1000030 | 2 Pidgin, Suse | 2 Pidgin, Linux Enterprise Server | 2024-11-21 | N/A |
| Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0. | ||||
| CVE-2012-1257 | 1 Pidgin | 1 Pidgin | 2024-11-21 | 5.5 Medium |
| Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor. | ||||