Vulnerabilities > Pidgin > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-08 | CVE-2008-3532 | Cryptographic Issues vulnerability in Pidgin 2.4.3 The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. | 6.8 |
| 2008-07-01 | CVE-2008-2957 | Improper Input Validation vulnerability in Pidgin 2.0.0 The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. | 6.4 |
| 2008-07-01 | CVE-2008-2955 | Improper Input Validation vulnerability in Pidgin 2.4.1 Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. | 4.3 |
| 2007-10-29 | CVE-2007-4999 | Improper Input Validation vulnerability in Pidgin 2.1.0/2.2.0/2.2.1 libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996. | 4.3 |
| 2007-10-01 | CVE-2007-4996 | Remote Denial Of Service vulnerability in Pidgin 2.2.0 libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location." network pidgin | 4.3 |