Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pidgin pidgin vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2008-2956
Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote malicious users to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: "I was never able to identify a scena...
Pidgin Pidgin 2.0.0
5
CVSSv2
CVE-2007-5379
Rails prior to 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrate...
David Hansson Ruby On Rails
4.3
CVSSv2
CVE-2022-26491
An issue exists in Pidgin prior to 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing...
Pidgin Pidgin
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2011-3594
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and previous versions, as used in Pidgin and possibly other products, allows remote malicious users to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid poin...
Pidgin Libpurple 2.7.11
Pidgin Libpurple 2.7.10
Pidgin Libpurple 2.7.2
Pidgin Libpurple 2.7.1
Pidgin Libpurple 2.6.1
Pidgin Libpurple 2.6.0
Pidgin Libpurple 2.5.3
Pidgin Libpurple 2.5.2
Pidgin Libpurple 2.3.0
Pidgin Libpurple 2.2.2
Pidgin Libpurple 2.0.0
Pidgin Libpurple 1.0
Pidgin Libpurple
Pidgin Libpurple 2.7.7
Pidgin Libpurple 2.7.6
Pidgin Libpurple 2.6.5
Pidgin Libpurple 2.6.4
Pidgin Libpurple 2.5.7
Pidgin Libpurple 2.5.6
Pidgin Libpurple 2.4.3
Pidgin Libpurple 2.4.2
Pidgin Libpurple 2.1.1
4.3
CVSSv2
CVE-2011-3184
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin prior to 2.10.0 does not properly handle HTTP 100 responses, which allows remote malicious users to cause a denial of service (incorrect memory access and application crash) via v...
Pidgin Pidgin 2.1.0
Pidgin Pidgin 2.4.2
Pidgin Pidgin 2.5.0
Pidgin Pidgin 2.5.1
Pidgin Pidgin 2.6.0
Pidgin Pidgin 2.6.1
Pidgin Pidgin 2.7.3
Pidgin Pidgin 2.7.2
Pidgin Pidgin 2.7.1
Pidgin Pidgin 2.7.0
Pidgin Pidgin 2.1.1
Pidgin Pidgin 2.0.2
Pidgin Pidgin 2.0.1
Pidgin Pidgin 2.3.0
Pidgin Pidgin 2.4.0
Pidgin Pidgin 2.5.7
Pidgin Pidgin 2.5.6
Pidgin Pidgin 2.6.5
Pidgin Pidgin 2.6.6
Pidgin Pidgin 2.7.7
Pidgin Pidgin 2.7.9
Pidgin Pidgin
4.3
CVSSv2
CVE-2011-2943
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 up to and including 2.9.0 in Pidgin prior to 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote malicious users to cause a denial of service (NULL pointer de...
Pidgin Libpurple 2.8.0
Pidgin Pidgin 2.0.0
Pidgin Pidgin 2.2.2
Pidgin Pidgin 2.3.0
Pidgin Pidgin 2.5.2
Pidgin Pidgin 2.5.3
Pidgin Pidgin 2.6.0
Pidgin Pidgin 2.6.1
Pidgin Pidgin 2.7.10
Pidgin Pidgin 2.7.11
Pidgin Pidgin 2.7.9
Pidgin Pidgin 2.0.1
Pidgin Pidgin 2.0.2
Pidgin Pidgin 2.3.1
Pidgin Pidgin 2.4.0
Pidgin Pidgin 2.5.4
Pidgin Pidgin 2.5.5
Pidgin Pidgin 2.6.2
Pidgin Pidgin 2.6.4
Pidgin Pidgin 2.7.2
Pidgin Pidgin 2.7.3
Pidgin Pidgin
4.3
CVSSv2
CVE-2010-0420
libpurple in Finch in Pidgin prior to 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote malicious users to cause a denial of service (application crash) via a crafted nickname.
Pidgin Pidgin 2.0.1
Pidgin Pidgin 2.5.4
Pidgin Pidgin 2.5.5
Pidgin Pidgin 2.2.2
Pidgin Pidgin 2.5.8
Pidgin Pidgin 2.6.1
Pidgin Pidgin 2.0.0
Pidgin Pidgin 2.4.0
Pidgin Pidgin 2.5.2
Pidgin Pidgin 2.5.3
Pidgin Pidgin 2.2.0
Pidgin Pidgin 2.5.7
Pidgin Pidgin 2.0.2
Pidgin Pidgin 2.5.6
Pidgin Pidgin 2.4.3
Pidgin Pidgin 2.1.1
Pidgin Pidgin 2.3.1
Pidgin Pidgin 2.3.0
Pidgin Pidgin 2.6.4
Pidgin Pidgin 2.6.0
Pidgin Pidgin
Pidgin Pidgin 2.6.2
4.3
CVSSv2
CVE-2009-3025
Unspecified vulnerability in Pidgin 2.6.0 allows remote malicious users to cause a denial of service (crash) via a link in a Yahoo IM.
Pidgin Pidgin 2.6.0
4.3
CVSSv2
CVE-2008-2955
Pidgin 2.4.1 allows remote malicious users to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.
Pidgin Pidgin 2.4.1
1 EDB exploit
4.3
CVSSv2
CVE-2007-4999
libpurple in Pidgin 2.1.0 up to and including 2.2.1, when using HTML logging, allows remote malicious users to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.
Pidgin Pidgin 2.2.1
Pidgin Pidgin 2.1.0
Pidgin Pidgin 2.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »