Vulnerabilities > Bitlbee

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR / COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|
| 2019-10-29 | CVE-2012-1187 | Improper Check for Dropped Privileges vulnerability in Bitlbee 3.0.4 | Bitlbee does not drop extra group privileges correctly in unix.c | network, low complexity | bitlbee, CWE-273 | 7.5 |
| 2017-03-14 | CVE-2017-5668 | NULL Pointer Dereference vulnerability in Bitlbee and Bitlbee-Libpurple | bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. | network, low complexity | bitlbee, CWE-476 | 7.5 |
| 2017-03-14 | CVE-2016-10189 | NULL Pointer Dereference vulnerability in Bitlbee and Bitlbee-Libpurple | BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. | network, low complexity | bitlbee, CWE-476 | 5.0 |
| 2017-03-14 | CVE-2016-10188 | Use After Free vulnerability in Bitlbee | Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire. | network, low complexity | bitlbee, CWE-416 | 7.5 |
| 2008-09-11 | CVE-2008-3969 | Permissions, Privileges, and Access Controls vulnerability in Bitlbee | Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920. | network, low complexity | bitlbee, fedoraproject | 5.0 |
| 2008-09-04 | CVE-2008-3920 | Permissions, Privileges, and Access Controls vulnerability in Bitlbee | Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors. | network, low complexity | bitlbee, CWE-264 | 7.5 |