Bitlbee
Products
2- 6 CVEs
- 2 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5668 | Cri | 0.64 | 9.8 | 0.03 | Mar 14, 2017 | bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an… | ||
| CVE-2016-10188 | Cri | 0.64 | 9.8 | 0.03 | Mar 14, 2017 | Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire. | ||
| CVE-2016-10189 | Hig | 0.42 | 7.5 | 0.04 | Mar 14, 2017 | BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. | ||
| CVE-2012-1187 | 0.00 | — | 0.02 | Oct 29, 2019 | Bitlbee does not drop extra group privileges correctly in unix.c | |||
| CVE-2008-3969 | 0.00 | — | 0.02 | Sep 11, 2008 | Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for… | |||
| CVE-2008-3920 | 0.00 | — | 0.02 | Sep 4, 2008 | Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors. |
- risk 0.64cvss 9.8epss 0.03
bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an…
- risk 0.64cvss 9.8epss 0.03
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.
- risk 0.42cvss 7.5epss 0.04
BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.
- CVE-2012-1187Oct 29, 2019risk 0.00cvss —epss 0.02
Bitlbee does not drop extra group privileges correctly in unix.c
- CVE-2008-3969Sep 11, 2008risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for…
- CVE-2008-3920Sep 4, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors.