Bitlbee
Sign in to watchby Bitlbee
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-5668 | Cri | 0.64 | 9.8 | 0.02 | Mar 14, 2017 | bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189. | |
| CVE-2012-1187 | 0.00 | — | 0.00 | Oct 29, 2019 | Bitlbee does not drop extra group privileges correctly in unix.c | ||
| CVE-2008-3969 | 0.00 | — | 0.01 | Sep 11, 2008 | Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920. | ||
| CVE-2008-3920 | 0.00 | — | 0.01 | Sep 4, 2008 | Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors. |