Lucene search
K

18 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.4 views

SUSE CVE-2009-2694

The msnslplinkprocessmsg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin formerly Gaim before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash by sending multiple...

10CVSS8.1AI score0.20295EPSS
Exploits8References3
Zero Day Initiative
Zero Day Initiative
added 2020/11/25 12:0 a.m.306 views

VMware ESXi SLP Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of SLP...

7.8CVSS4AI score0.83015EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
added 2020/11/23 12:0 a.m.133 views

VMware ESXi SLP Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of VMware ESXi. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SLP messages. The issue results from the lack of validating the...

8.8CVSS2.4AI score0.83015EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
added 2020/10/20 12:0 a.m.116 views

VMware ESXi SLP Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware ESXi. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SLP messages. The issue results from the lack of validating the existence ...

9.8CVSS2.4AI score0.83015EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2011/01/27 12:0 a.m.38 views

SuSE 10 Security Update : pidgin, gaim and finch (ZYPP Patch Number 5573)

specially crafted MSN SLP messages could cause an integer overflow in pidgin. Attackers could potentially exploit that to execute arbitrary code. CVE-2008-2927 - overly long file names in MSN file transfers could crash pidgin. CVE-2008-2955 - SSL certifcates were not verfied. Therefore piding...

6.8CVSS8.6AI score0.07258EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2010/11/16 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-1014-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS7.7AI score0.05586EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2010/11/05 12:0 a.m.28 views

Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : pidgin vulnerabilities (USN-1014-1)

Pierre Nogues discovered that Pidgin incorrectly handled malformed SLP messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS...

5CVSS5.5AI score0.05586EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2010/04/30 12:0 a.m.41 views

Mandriva Update for pidgin MDVSA-2010:085 (pidgin)

Check for the Version of pidgin OpenVAS Vulnerability Test Mandriva Update for pidgin MDVSA-2010:085 pidgin Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

5CVSS0.2AI score0.22467EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2010/04/29 12:0 a.m.24 views

Mandriva Linux Security Advisory : pidgin (MDVSA-2010:085)

Security vulnerabilities has been identified and fixed in pidgin : The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service application crash via crafted contact-list data for 1 ICQ and possibly 2 AIM, as demonstrate...

7.5CVSS8.2AI score0.22467EPSS
Exploits9References6
Tenable Nessus
Tenable Nessus
added 2010/02/19 12:0 a.m.29 views

Mandriva Linux Security Advisory : pidgin (MDVSA-2010:041)

Multiple security vulnerabilities has been identified and fixed in pidgin : Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly CVE-2010-0277. In a user in a multi-user chat room has a nickname containi...

5CVSS7.9AI score0.02875EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2009/10/23 12:0 a.m.26 views

GLSA-200910-02 : Pidgin: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200910-02 Pidgin: Multiple vulnerabilities Multiple vulnerabilities were found in Pidgin: Yuriy Kaminskiy reported that the OSCAR protocol implementation in Pidgin misinterprets the ICQWebMessage message type as the ICQSMS message...

10CVSS6.1AI score0.20295EPSS
Exploits10References6
Tenable Nessus
Tenable Nessus
added 2009/08/24 12:0 a.m.22 views

FreeBSD : pidgin -- MSN overflow parsing SLP messages (59e7af2d-8db7-11de-883b-001e3300a30d)

Secunia reports : A vulnerability has been reported in Pidgin, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in the 'msnslplinkprocessmsg' function when processing MSN SLP messages and can be exploited to corrupt...

10CVSS5.6AI score0.20295EPSS
Exploits8References3
NVD
NVD
added 2009/08/21 11:2 a.m.24 views

CVE-2009-2694

The msnslplinkprocessmsg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin formerly Gaim before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash by sending multiple...

10CVSS7.9AI score0.20295EPSS
Exploits8References19
Prion
Prion
added 2009/08/21 11:2 a.m.17 views

Memory corruption

The msnslplinkprocessmsg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin formerly Gaim before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash by sending multiple...

10CVSS8.1AI score0.20295EPSS
Exploits9References19Affected Software2
securityvulns
securityvulns
added 2009/06/09 12:0 a.m.37 views

libpurple / Pidgin buffer overflow

Buffer overflow on MSN SLP messages parsing...

9.3CVSS4.9AI score0.13294EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2009/05/26 3:30 p.m.8 views

CVE-2009-1376

Multiple integer overflows in the msnslplinkprocessmsg functions in the MSN protocol handler in 1 libpurple/protocols/msn/slplink.c and 2 libpurple/protocols/msnp9/slplink.c in Pidgin formerly Gaim before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed S...

7.7AI score
Exploits0References26
Zero Day Initiative
Zero Day Initiative
added 2008/08/28 12:0 a.m.29 views

Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability. The specific flaw exists in the implementation of the MSN...

6.8CVSS3.2AI score0.04332EPSS
Exploits0References1
Gentoo Linux
Gentoo Linux
added 2004/10/24 12:0 a.m.36 views

Gaim: Multiple vulnerabilities

Background Gaim is a full featured instant messaging client which handls a variety of instant messaging protocols. Description A possible buffer overflow exists in the code processing MSN SLP messages CAN-2004-0891. memcpy was used without validating the size of the buffer, and an incorrect buffe...

10CVSS7.6AI score0.06862EPSS
Exploits0
Rows per page
Query Builder