CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

Search Vulnerabilities

Software

Searching vulnerabilities affecting “pidgin”

4 vulnerabilities found for “pidgin”

CVE-2022-26491

MEDIUM5.9

An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968.

pidgin / pidgin+1

Network

Published Jun 2, 2022

CVE-2012-1257

MEDIUM5.5

Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.

pidgin / pidgin

Local

Published Nov 20, 2019

CVE-2016-1000030

CRITICAL9.8

Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.

suse / linux_enterprise_server+1

Network

Published Sep 5, 2018

CVE-2017-2640

HIGH7.5

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.

pidgin / pidgin+7

Network

Published Jul 27, 2018