Vulnerabilities > Pidgin > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-20 | CVE-2012-1257 | Cleartext Transmission of Sensitive Information vulnerability in Pidgin 2.10.0 Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor. | 2.1 |
| 2017-03-29 | CVE-2016-2379 | Inadequate Encryption Strength vulnerability in Pidgin Mxit The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords. | 3.3 |
| 2017-01-06 | CVE-2016-2367 | Information Exposure vulnerability in multiple products An information leak exists in the handling of the MXIT protocol in Pidgin. | 3.5 |
| 2013-02-16 | CVE-2013-0274 | Unspecified vulnerability in Pidgin upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network. | 2.9 |
| 2012-08-08 | CVE-2011-4922 | Information Exposure vulnerability in Pidgin cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents. | 2.1 |
| 2012-07-03 | CVE-2012-2214 | Resource Management Errors vulnerability in Pidgin proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests. | 3.5 |