Lucene search
K

359 matches found

seebug.org
seebug.org
added 2017/10/19 12:0 a.m.29 views

Pidgin MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability(CVE-2016-2369)

DESCRIPTION An NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the...

4.3CVSS7.2AI score0.02251EPSS
Exploits1
seebug.org
seebug.org
added 2017/10/19 12:0 a.m.29 views

Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability(CVE-2016-2372)

DESCRIPTION An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out of bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for a file transfer which will trigger ...

4.9CVSS6.9AI score0.01772EPSS
Exploits1
seebug.org
seebug.org
added 2017/10/19 12:0 a.m.42 views

Pidgin MXIT Contact Mood Denial of Service Vulnerability(CVE-2016-2373)

DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability. CVSSv3 SCORE 5...

4.3CVSS6.9AI score0.023EPSS
Exploits1
seebug.org
seebug.org
added 2017/10/19 12:0 a.m.30 views

Pidgin MXIT Avatar Length Memory Disclosure Vulnerability(CVE-2016-2367)

DESCRIPTION An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out of bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an...

3.5CVSS6.7AI score0.01947EPSS
Exploits1
seebug.org
seebug.org
added 2017/10/19 12:0 a.m.36 views

Pidgin MXIT Table Command Denial of Service Vulnerability(CVE-2016-2366)

DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to...

4.3CVSS6.8AI score0.02483EPSS
Exploits1
seebug.org
seebug.org
added 2017/10/19 12:0 a.m.53 views

Pidgin MXIT Suggested Contacts Memory Disclosure Vulnerability(CVE-2016-2375)

DESCRIPTION An exploitable out-of-bounds ready exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure. CVSSv3 SCORE 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N TESTED VERSIONS Pidgin 2.10.11 PRODU...

5CVSS6.6AI score0.02711EPSS
Exploits1
seebug.org
seebug.org
added 2017/10/19 12:0 a.m.44 views

Pidgin MXIT read stage 0x3 Code Execution Vulnerability(CVE-2016-2376)

DESCRIPTION A buffer overflows vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size...

6.8CVSS8.5AI score0.03732EPSS
Exploits1
seebug.org
seebug.org
added 2017/10/19 12:0 a.m.56 views

Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability(CVE-2016-4323)

DESCRIPTION A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splas...

5.8CVSS6.5AI score0.02305EPSS
Exploits2
seebug.org
seebug.org
added 2017/10/19 12:0 a.m.41 views

Pidgin MXIT Extended Profiles Code Execution Vulnerability(CVE-2016-2371)

DESCRIPTION An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution. CVSSv3 SCORE 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H TESTED VERSIONS Pidgin...

6.8CVSS8.2AI score0.03174EPSS
Exploits1
seebug.org
seebug.org
added 2017/10/19 12:0 a.m.35 views

Pidgin MXIT MultiMX Message Code Execution Vulnerability(CVE-2016-2374)

DESCRIPTION An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution. CVSSv3 SCORE 8.1...

6.8CVSS8.3AI score0.03228EPSS
Exploits1
seebug.org
seebug.org
added 2017/10/19 12:0 a.m.52 views

Pidgin MXIT Custom Resource Denial of Service Vulnerability(CVE-2016-2370)

DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle can send invalid data to trigger this vulnerability...

4.3CVSS6.7AI score0.02123EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2017/09/08 12:0 a.m.31 views

EulerOS 2.0 SP2 : pidgin (EulerOS-SA-2017-1166)

According to the versions of the pidgin package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in the way Pidgin's Mxit plug-in handled emoticons. A malicious remote server or a man-in-the-middle attacker...

9.8CVSS7.4AI score0.06258EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2017/08/07 12:0 a.m.44 views

pidgin security, bug fix, and enhancement update

2.10.11-5 - Drop MXit support in RHEL Resolves: 1439296 2.10.11-4 - Silence -Wsign-compare - Rename the previous patch for consistency Resolves: 1445921, 1446368 2.10.11-3 - Avoid a use-after-free in an error path Resolves: 1445921 2.10.11-2 - Add patch for CVE-2017-2640 Resolves: 1431022 2.10.11...

9.8CVSS1.2AI score0.06258EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2017/08/01 2:23 p.m.39 views

pidgin: crash in Mxit protocol plug-in

A denial of service flaw was found in the way Pidgin's Mxit plug-in handled emoticons. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to crash Pidgin by sending a specially crafted emoticon...

5CVSS6.1AI score0.02871EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2017/07/14 12:0 a.m.14 views

Vulnerabilities in the Pidgin instant messaging program, which allow a hacker to trigger memory disclosure, as well as the ability to inject arbitrary code

The multiple vulnerabilities related to memory corruption in the Pidgin instant messaging application are linked to the processing of the MXIT protocol. Exploiting these vulnerabilities can allow a remote attacker to trigger memory disclosure and the injection of arbitrary code by sending special...

7.5CVSS7.1AI score0.04554EPSS
Exploits1References8Affected Software3
Tenable Nessus
Tenable Nessus
added 2017/07/10 12:0 a.m.28 views

EulerOS 2.0 SP2 : pidgin (EulerOS-SA-2017-1131)

According to the version of the pidgin package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service application crash via ...

5CVSS7.2AI score0.02871EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/04/12 12:0 a.m.25 views

openSUSE Security Update : pidgin (openSUSE-2017-457)

This update for pidgin to version 2.12.0 fixes the following issues : This security issue was fixed : - CVE-2017-2640: Out of bounds memory read in purplemarkupunescapeentity boo1028835. These non-security issues were fixed : + libpurple : - Fix the use of uninitialised memory if running...

9.8CVSS7AI score0.06258EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2017/04/11 3:8 p.m.38 views

Security update for pidgin (important)

This update for pidgin to version 2.12.0 fixes the following issues: This security issue was fixed: - CVE-2017-2640: Out of bounds memory read in purplemarkupunescapeentity boo1028835. These non-security issues were fixed: + libpurple: - Fix the use of uninitialised memory if running...

7.7AI score0.06258EPSS
Exploits0References2
Prion
Prion
added 2017/03/29 8:59 p.m.12 views

Design/Logic Flaw

The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to 1 decrypt hashed passwords by leveraging knowledge of client registration codes or 2 gain login access by eavesdropping on login messages and re-using the hashed passwords...

3.3CVSS7.2AI score0.004EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2017/03/29 8:59 p.m.19 views

CVE-2016-2379

The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to 1 decrypt hashed passwords by leveraging knowledge of client registration codes or 2 gain login access by eavesdropping on login messages and re-using the hashed passwords...

8.8CVSS6.8AI score0.004EPSS
Exploits0References4
Rows per page
Query Builder