Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 91 results


CVE-2022-33070

Medium priority

Some fixes available 8 of 73

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

9 affected packages

argyll, ccextractor, libgadu, libpg-query, libsignal-protocol-c...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
argyll Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ccextractor Needs evaluation Needs evaluation Needs evaluation
libgadu Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libpg-query Needs evaluation Needs evaluation
libsignal-protocol-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ocserv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pidgin Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
protobuf-c Fixed Fixed Fixed Needs evaluation Needs evaluation
sudo Not affected Fixed Not affected Not affected Not affected
Show all 9 packages Show less packages

CVE-2022-26491

Medium priority
Needs evaluation

An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain...

1 affected packages

pidgin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pidgin Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2012-1257

Low priority
Ignored

Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.

1 affected packages

pidgin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pidgin
Show less packages

CVE-2016-1000030

Medium priority
Not affected

Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This...

1 affected packages

pidgin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pidgin Not affected
Show less packages

CVE-2016-2379

Low priority
Vulnerable

The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on...

1 affected packages

pidgin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pidgin Not affected Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2017-2640

Medium priority
Fixed

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.

1 affected packages

pidgin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pidgin Fixed
Show less packages

CVE-2016-4323

Medium priority
Fixed

A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the...

1 affected packages

pidgin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pidgin Fixed
Show less packages

CVE-2016-2380

Medium priority
Fixed

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string...

1 affected packages

pidgin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pidgin Fixed
Show less packages

CVE-2016-2378

Medium priority
Fixed

A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious...

1 affected packages

pidgin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pidgin Fixed
Show less packages

CVE-2016-2377

Medium priority
Fixed

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send...

1 affected packages

pidgin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pidgin Fixed
Show less packages