Lucene search
K

509 matches found

OSV
OSV
added 2017/03/14 2:59 p.m.9 views

UBUNTU-CVE-2017-5668

bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service NULL pointer dereference and crash and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for...

9.8CVSS7.6AI score0.02983EPSS
Exploits0References4
Cvelist
Cvelist
added 2017/03/14 2:0 p.m.26 views

CVE-2017-5668

bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service NULL pointer dereference and crash and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for...

8.9AI score0.02983EPSS
Exploits0References5
CVE
CVE
added 2017/03/14 2:0 p.m.61 views

CVE-2017-5668

CVE-2017-5668 affects bitlbee-libpurple before 3.5.1. A remote attacker can trigger a denial of service (NULL pointer dereference/crash) and possibly execute arbitrary code via a file transfer request for a contact not in the list, due to an incomplete fix for CVE-2016-10189. Public advisories/de...

9.8CVSS8.9AI score0.02983EPSS
Exploits0References5Affected Software2
Debian CVE
Debian CVE
added 2017/03/14 2:0 p.m.43 views

CVE-2017-5668

bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service NULL pointer dereference and crash and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for...

9.8CVSS9AI score0.02983EPSS
Exploits0
Cvelist
Cvelist
added 2017/03/14 2:0 p.m.21 views

CVE-2016-10188

Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service crash or possibly execute arbitrary code by causing a file transfer connection to expire...

9.8AI score0.02943EPSS
Exploits0References5
CVE
CVE
added 2017/03/14 2:0 p.m.70 views

CVE-2016-10188

The CVE CVE-2016-10188 affects bitlbee-libpurple prior to 3.5. A use-after-free vulnerability allows a remote attacker to cause a denial of service (crash) or potentially execute arbitrary code by causing a file transfer connection to expire. Public advisories and vulnerability records confirm th...

9.8CVSS9.7AI score0.02943EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2017/03/14 2:0 p.m.37 views

CVE-2016-10188

Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service crash or possibly execute arbitrary code by causing a file transfer connection to expire...

9.8CVSS9.1AI score0.02943EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/02/24 12:0 a.m.23 views

Debian DLA-832-1 : bitlbee security update

CVE-2017-5668 Fix for incomplete fix for 'NULL pointer dereference with file transfer request from unknown contacts'. Though this package wasn't in Wheezy with this issue, I mention it here. The fix was done with the second patch for CVE-2016-10189 CVE-2016-10189 NULL pointer dereference with fil...

9.8CVSS8AI score0.04041EPSS
Exploits0References5
Debian
Debian
added 2017/02/20 9:11 p.m.62 views

[SECURITY] [DLA 832-1] bitlbee security update

Package : bitlbee Version : 3.0.5-1.2+deb7u1 CVE ID : CVE-2016-10188 CVE-2016-10189 CVE-2017-5668 CVE-2017-5668 Fix for incomplete fix for "Null pointer dereference with file transfer request from unknown contacts". Though this package wasnt in Wheezy with this issue, I mention it here. The fix w...

9.8CVSS8.8AI score0.04041EPSS
Exploits0
CNVD
CNVD
added 2017/02/10 12:0 a.m.5 views

bitlbee-libpurple Denial of Service Vulnerability

bitlbee is an irc server. libpurple is one of the libraries used to develop IM instant messaging programs. A denial of service vulnerability exists in bitlbee-libpurple. An attacker can exploit this vulnerability to cause a denial of service...

9.8CVSS6.8AI score0.02943EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.32 views

The vulnerability of the Pidgin instant messaging system allows a remote attacker to trigger a service denial.

The Pidgin software contains a vulnerability in the sub-component libpurple. Exploiting this vulnerability allows a remote attacker to trigger a denial-of-service attack by manipulating HTTP headers...

5CVSS5.5AI score0.02227EPSS
Exploits0References4Affected Software1
ArchLinux
ArchLinux
added 2016/06/25 12:0 a.m.55 views

libpurple: multiple issues

CVE-2016-2365 denial of service Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. - CVE-2016-2366 denial of service Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. - CVE-2016-2367 information...

6.4CVSS2.1AI score0.04554EPSS
Exploits17References17
RedhatCVE
RedhatCVE
added 2015/10/30 10:16 a.m.19 views

CVE-2007-4999

libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service NULL dereference and application crash via a message that contains invalid HTML data, a different vector than CVE-2007-4996...

4.3CVSS7.1AI score0.01809EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2015/10/30 10:10 a.m.28 views

CVE-2009-3084

The msnslpprocessmsg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service application crash via a handwritten aka Ink message, related to an uninitialized variabl...

5CVSS6.9AI score0.02517EPSS
Exploits0References2
Talos
Talos
added 2015/05/11 12:0 a.m.16 views

Pidgin libpurple MSN Message Parsing NULL Dereference Denial of Service Vulnerability

Talos Vulnerability Report VRT-2014-0201 Pidgin libpurple MSN Message Parsing NULL Dereference Denial of Service Vulnerability May 11, 2015 Description A exploitable denial of service vulnerability exists in Pidgin’s implem ntation of the MSN Messenger protocol in the libpurple library. An attack...

7.1AI score
Exploits0
Talos
Talos
added 2015/05/11 12:0 a.m.23 views

Pidgin libpurple STUN Response Length NULL Write Vulnerability

Talos Vulnerability Report VRT-2014-0202 Pidgin libpurple STUN Response Length NULL Write Vulnerability May 11, 2015 Description A exploitable NULL write vulnerability exists in Pidgin’s implementation of the STUN protocol in the libpurple library. An attacker who can control the response to a ST...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.4 views

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the libpurple-dev package of the Debian GNU/Linux operating system may lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

10CVSS5.4AI score0.20295EPSS
Exploits8References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.9 views

The vulnerability of the Red Hat Enterprise Linux operating system, which allows a remote attacker to compromise the accessibility of protected information

The vulnerability of the libpurple-2.6.3 package in the Red Hat Enterprise Linux operating system can lead to a violation of the accessibility of protected information. This vulnerability can be exploited remotely...

5CVSS5.4AI score0.02661EPSS
Exploits3References2
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.6 views

The vulnerability of the Red Hat Enterprise Linux operating system, which allows a remote attacker to compromise the accessibility of protected information

The vulnerability of the libpurple-devel-2.6.3 package in the Red Hat Enterprise Linux operating system can lead to a violation of the accessibility of protected information. This vulnerability can be exploited remotely...

5CVSS5.4AI score0.02661EPSS
Exploits3References2
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.8 views

The vulnerability of the Red Hat Enterprise Linux operating system, which allows a remote attacker to compromise the accessibility of protected information

The vulnerability of the libpurple-tcl-2.6.3 package on the Red Hat Enterprise Linux operating system can lead to a violation of the accessibility of protected information. This vulnerability can be exploited remotely...

5CVSS5.4AI score0.02661EPSS
Exploits3References2
Rows per page
Query Builder