pidgin/nest

Parents 91f916eba5fd
Children 707d5ec2b6d4
Add all remaining cve advisories from 2016 except for cve-2016-2379
since it doesn't have a summary, description, contributor, etc.

Testing Done:
Built locally with `dev-server.sh` and verified contents of advisories added

Bugs closed: NEST-43

Reviewed at https://reviews.imfreedom.org/r/507/
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2016-1000030-00.md Sun Feb 14 20:03:31 2021 -0600
@@ -0,0 +1,21 @@
+---
+title: cve-2016-1000030-00
+date: 2016-06-21T00:00:00.000Z
+cveNumber: cve-2016-1000030
+summary: X.509 Certificates Improperly Imported
+discoveredBy: Yuan Kang and Suman Jana from Columbia University and Baishakhi Ray from the University of Virginia
+fixedInRelease: 2.11.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+X.509 certificates may be improperly imported when using GnuTLS.
+
+### Mitigation
+
+Check return values from `gnutls_x509_crt_init()` and
+`gnutls_x509_crt_import()`.
+
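Review bot: the Description never says what "improperly imported" means in practice, so a reader cannot tell whether a certificate that fails to import is treated as valid, treated as invalid, or crashes the client; the Mitigation is a developer-level fix (check the return values of `gnutls_x509_crt_init()` and `gnutls_x509_crt_import()`) rather than the user-visible consequence. Consider naming the component (the GnuTLS SSL plugin) and stating what the unchecked return values allowed, plus who can trigger it (server or man-in-the-middle), as the other entries in this patch do.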
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2016-2365-00.md Sun Feb 14 20:03:31 2021 -0600
@@ -0,0 +1,21 @@
+---
+title: cve-2016-2365-00
+date: 2016-06-21T00:00:00.000Z
+cveNumber: cve-2016-2365
+talosReportID: talos-2016-0133
+summary: Pidgin MXIT Markup Command Denial of Service Vulnerability
+discoveredBy: Yves Younan of Cisco Talos
+fixedInRelease: 2.11.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious server or man-in-the-middle could trigger a crash.
+
+### Mitigation
+
+Escape the provided filename before using it.
+
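Review bot: the Mitigation ("Escape the provided filename before using it.") refers to a filename that neither the summary (Markup Command) nor the Description mentions, so the link between the crash and the unescaped filename is missing. Add a sentence to the Description saying where the filename comes from and how it reaches the markup command so the fix reads as a response to the described problem.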
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2016-2366-00.md Sun Feb 14 20:03:31 2021 -0600
@@ -0,0 +1,21 @@
+---
+title: cve-2016-2366-00
+date: 2016-06-21T00:00:00.000Z
+cveNumber: cve-2016-2366
+talosReportID: talos-2016-0134
+summary: Pidgin MXIT Table Command Denial of Service Vulnerability
+discoveredBy: Yves Younan of Cisco Talos
+fixedInRelease: 2.11.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious server or man-in-the-middle could trigger a crash.
+
+### Mitigation
+
+Validate the data length. Use the correct data types.
+
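Review bot: "Validate the data length. Use the correct data types." lists two unrelated fixes without saying which data in the table command either applies to; say what length is now validated and which type was wrong so the Mitigation matches the Table Command summary.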
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2016-2367-00.md Sun Feb 14 20:03:31 2021 -0600
@@ -0,0 +1,22 @@
+---
+title: cve-2016-2367-00
+date: 2016-06-21T00:00:00.000Z
+cveNumber: cve-2016-2367
+talosReportID: talos-2016-0135
+summary: Pidgin MXIT Avatar Length Memory Disclosure Vulnerability
+discoveredBy: Yves Younan of Cisco Talos
+fixedInRelease: 2.11.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious user, server, or man-in-the-middle could trigger a crash or
+unexpected writing of data from memory to file.
+
+### Mitigation
+
+Various changes to the chunk decoding.
+
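Review bot: "Various changes to the chunk decoding." does not tell the reader what was fixed, and the same sentence is reused verbatim for cve-2016-2370 and cve-2016-2372 in this patch, which makes the three Mitigation sections indistinguishable. Since the summary names the avatar length, state the specific check added here (for example, that the length field is validated against the data actually received) and do the same for the other two entries.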
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2016-2368-00.md Sun Feb 14 20:03:31 2021 -0600
@@ -0,0 +1,22 @@
+---
+title: cve-2016-2368-00
+date: 2016-06-21T00:00:00.000Z
+cveNumber: cve-2016-2368
+talosReportID: talos-2016-0136
+summary: Pidgin MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities
+discoveredBy: Yves Younan of Cisco Talos
+fixedInRelease: 2.11.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+Data is copied without verifying that it was copied successfully.
+
+### Mitigation
+
+Separate the handling of HTTP headers and body. Check the return value from
+`g_vsnprintf()`.
+
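Review bot: the summary names `g_snprintf` but the Mitigation says to check the return value from `g_vsnprintf()`; name the function that was actually changed (or both) so the title and the fix agree. The Description is also the only one in this patch with no stated impact or attacker: "copied without verifying that it was copied successfully" should say what a truncated or oversized copy lets a malicious server or man-in-the-middle do, given the summary calls it a buffer overflow.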
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2016-2369-00.md Sun Feb 14 20:03:31 2021 -0600
@@ -0,0 +1,19 @@
+---
+title: cve-2016-2369-00
+date: 2016-06-21T00:00:00.000Z
+cveNumber: cve-2016-2369
+talosReportID: talos-2016-0137
+summary: Pidgin MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability
+discoveredBy: Yves Younan of Cisco Talos
+fixedInRelease: 2.11.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious server or man-in-the-middle could trigger a crash.
+
+### Mitigation
+
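Review bot: the Mitigation section is empty; the file ends at the `### Mitigation` heading, and the hunk header's 19-line count confirms nothing was dropped from the diff. Either add the fix (the other entries give a one-line developer-level change) or remove the heading so the rendered page does not show an empty section. The Description could also say what CP_SOCK_REC_TERM is, since the summary is the only place it appears.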
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2016-2370-00.md Sun Feb 14 20:03:31 2021 -0600
@@ -0,0 +1,21 @@
+---
+title: cve-2016-2370-00
+date: 2016-06-21T00:00:00.000Z
+cveNumber: cve-2016-2370
+talosReportID: talos-2016-0138
+summary: Pidgin MXIT Custom Resource Denial of Service Vulnerability
+discoveredBy: Yves Younan of Cisco Talos
+fixedInRelease: 2.11.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious server or man-in-the-middle could trigger a crash.
+
+### Mitigation
+
+Various changes to the chunk decoding.
+
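Review bot: same vague Mitigation as cve-2016-2367 ("Various changes to the chunk decoding."); for a Custom Resource denial of service the reader wants to know which length or count check was added to the chunk decoder. Replace the sentence with that concrete check.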
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2016-2371-00.md Sun Feb 14 20:03:31 2021 -0600
@@ -0,0 +1,22 @@
+---
+title: cve-2016-2371-00
+date: 2016-06-21T00:00:00.000Z
+cveNumber: cve-2016-2371
+talosReportID: talos-2016-0139
+summary: Pidgin MXIT Extended Profiles Code Execution Vulnerability
+discoveredBy: Yves Younan of Cisco Talos
+fixedInRelease: 2.11.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious server or man-in-the-middle could trigger a crash or potentially
+arbitrary code execution.
+
+### Mitigation
+
+Check the field count before accessing fields.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2016-2372-00.md Sun Feb 14 20:03:31 2021 -0600
@@ -0,0 +1,22 @@
+---
+title: cve-2016-2372-00
+date: 2016-06-21T00:00:00.000Z
+cveNumber: cve-2016-2372
+talosReportID: talos-2016-0140
+summary: Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability
+discoveredBy: Yves Younan of Cisco Talos
+fixedInRelease: 2.11.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious user, server, or man-in-the-middle could trigger a crash or
+unexpected writing of data from memory to file.
+
+### Mitigation
+
+Various changes to the chunk decoding.
+
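Review bot: third verbatim use of "Various changes to the chunk decoding." in this patch (see cve-2016-2367 and cve-2016-2370). As with the avatar length entry, name the check added for the file transfer length so the three advisories can be told apart, and so the "writing of data from memory to file" in the Description is visibly addressed.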
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2016-2373-00.md Sun Feb 14 20:03:31 2021 -0600
@@ -0,0 +1,21 @@
+---
+title: cve-2016-2373-00
+date: 2016-06-21T00:00:00.000Z
+cveNumber: cve-2016-2373
+talosReportID: talos-2016-0141
+summary: Pidgin MXIT Contact Mood Denial of Service Vulnerability
+discoveredBy: Yves Younan of Cisco Talos
+fixedInRelease: 2.11.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious user, server, or man-in-the-middle could trigger a crash.
+
+### Mitigation
+
+Validate the received value.
+
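Review bot: "Validate the received value." does not say which value or against what; the summary says Contact Mood, so the Mitigation should say the mood value received from the network is now checked and what range or set it is checked against before use.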
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2016-2374-00.md Sun Feb 14 20:03:31 2021 -0600
@@ -0,0 +1,22 @@
+---
+title: cve-2016-2374-00
+date: 2016-06-21T00:00:00.000Z
+cveNumber: cve-2016-2374
+talosReportID: talos-2016-0142
+summary: Pidgin MXIT MultiMX Message Code Execution Vulnerability
+discoveredBy: Yves Younan of Cisco Talos
+fixedInRelease: 2.11.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious server or man-in-the-middle could trigger a crash or potentially
+arbitrary code execution.
+
+### Mitigation
+
+Validate the incoming message format.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2016-2376-00.md Sun Feb 14 20:03:31 2021 -0600
@@ -0,0 +1,22 @@
+---
+title: cve-2016-2376-00
+date: 2016-06-21T00:00:00.000Z
+cveNumber: cve-2016-2376
+talosReportID: talos-2016-0118
+summary: Pidgin MXIT read stage 0x3 Code Execution Vulnerability
+discoveredBy: Yves Younan of Cisco Talos
+fixedInRelease: 2.11.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious server or man-in-the-middle could trigger a crash or potentially
+arbitrary code execution.
+
+### Mitigation
+
+Verify the size from the packet.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2016-2377-00.md Sun Feb 14 20:03:31 2021 -0600
@@ -0,0 +1,21 @@
+---
+title: cve-2016-2377-00
+date: 2016-06-21T00:00:00.000Z
+cveNumber: cve-2016-2377
+talosReportID: talos-2016-0119
+summary: Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability
+discoveredBy: Yves Younan of Cisco Talos
+fixedInRelease: 2.11.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious server or man-in-the-middle could trigger a crash.
+
+### Mitigation
+
+Use an unsigned integer.
+
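Review bot: the summary says Buffer Overflow but the Description claims only a crash, and "Use an unsigned integer." does not say which integer changed type (presumably the parsed Content-Length, given the summary) or why the signed one allowed the overflow. Name the variable and say whether the overflow is limited to a crash.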
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2016-2378-00.md Sun Feb 14 20:03:31 2021 -0600
@@ -0,0 +1,21 @@
+---
+title: cve-2016-2378-00
+date: 2016-06-21T00:00:00.000Z
+cveNumber: cve-2016-2378
+talosReportID: talos-2016-0120
+summary: Pidgin MXIT get_utf8_string Code Execution Vulnerability
+discoveredBy: Yves Younan of Cisco Talos
+fixedInRelease: 2.11.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious server or man-in-the-middle could trigger a crash.
+
+### Mitigation
+
+Use correct data types.
+
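Review bot: the summary says Code Execution but the Description claims only a crash; the other code-execution entries in this patch (cve-2016-2371, cve-2016-2374, cve-2016-2376) say "crash or potentially arbitrary code execution". Align the Description with the summary, or downgrade the summary if the fix established it was only a crash. "Use correct data types." should also say which type in `get_utf8_string` was wrong.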
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2016-2380-00.md Sun Feb 14 20:03:31 2021 -0600
@@ -0,0 +1,22 @@
+---
+title: cve-2016-2380-00
+date: 2016-06-21T00:00:00.000Z
+cveNumber: cve-2016-2380
+talosReportID: talos-2016-0123
+summary: Pidgin MXIT mxit_convert_markup_tx Information Leak Vulnerability
+discoveredBy: Yves Younan of Cisco Talos
+fixedInRelease: 2.11.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A specially crafted local message (by the user or a plugin) could lead to the
+disclosure of 7 bytes to the server.
+
+### Mitigation
+
+Check the length of the font tag.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2016-4323-00.md Sun Feb 14 20:03:31 2021 -0600
@@ -0,0 +1,20 @@
+---
+title: cve-2016-4323-00
+date: 2016-06-21T00:00:00.000Z
+cveNumber: cve-2016-4323
+talosReportID: talos-2016-0128
+summary: Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability
+discoveredBy: Yves Younan of Cisco Talos
+fixedInRelease: 2.11.0
+type: security
+layout: cve
+hidden: true
+---
+
+### Description
+
+A malicious server or man-in-the-middle could trigger libpurple to overwrite a
+local file with the name and contents specified by the attacker.
+
+### Mitigation
+
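Review bot: the Mitigation section is empty, as in cve-2016-2369, and the hunk header's 20-line count shows the file really ends at the heading rather than being cut off in the diff. For an arbitrary file overwrite the fix matters to readers (what constraint was put on the attacker-supplied name or contents), so add it or drop the heading.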